Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe
Analysis ID:	1467937
MD5:	a9166a6cfc62be9a1480a5777de8eb02
SHA1:	1b3b6cfac2e2e373870aad72794f31438ad15dd5
SHA256:	1d26cd221a5fa7ee2ddd98b7067cb134bb8e9480834752cbee042e4be040d108
Tags:	exe
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to detect virtual machines (SGDT)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe (PID: 6624 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe" MD5: A9166A6CFC62BE9A1480A5777DE8EB02)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://s2.vodip.cn:3001/d%3a/dc8pe.exe

Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	ReversingLabs: Detection: 62%
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Virustotal: Detection: 45%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.6% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_0075DD6B __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,

0_2_0075DD6B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E1B4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004E2EDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E2FBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E2FBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D407A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004F0015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004E70E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D4159
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D41DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D41DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004D5197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D82F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF347
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004DF347
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004DF347
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004DF347
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004DB386
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D439A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D439A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004EA3AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004DD454
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DD454
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004DD454
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D4487
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004D4487
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004D4487
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D4487
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004DB4AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DB4AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004DB4AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DB4AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004DB4AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004EB531
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004EC5E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D46FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D46FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EA759
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EA759
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EA759
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-60h], esp	0_2_004EA759
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EA759
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004DC752
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DA771
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DA771
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC7CE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-44h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-44h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-44h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-58h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-58h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-48h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-40h], esp	0_2_004DD7D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-38h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DF787
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D4876
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D4876
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004E2822
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004E2822
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EC8B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E0939
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E0939
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004EE9F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004EE9F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D49AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D49AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D49AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D49AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E09A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E09A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D3A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D3A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-54h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-38h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E7A7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004EEA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004EEA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004EEA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EEA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EEA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-30h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004E9A79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004DAA25
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D4AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004D4AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D4AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D4AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECA8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004F0A8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EEBDA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EEBDA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004EEBDA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004ECBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D6B83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004D3BAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D3BAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004EBC0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004EBC0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004EBC0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-44h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004EAC10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EECF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D9D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004EFD89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004EFD89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004EFD89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECE72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECE72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECE72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004DAE35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004DAE35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-10h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-28h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004D2EF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8E85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8E85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8E85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-08h], esp	0_2_004D7EA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004DAEA2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004DAEA2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D3F4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004D3F4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-44h], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-24h], esp	0_2_004DAF52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-04h], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004E8F3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-34h], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp	0_2_004ECF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-18h], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004EBF8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 4x nop then cmp dword ptr [ebp-14h], esp	0_2_004EBF8E

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://127.0.0.1:9695/jsonrpc?tm=
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://baidu.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://ip.3322.net
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://pan.baidu.com/s/1qWKD5ve
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://s1.vodip.cn:18080/upload.php
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://s1.vodip.cn:18080/upload.php------WebKitFormBoundary82XB4u9Ywg0A6zUm
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://s2.vodip.cn:3001/d%3a/dc8pe.exe
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665509940.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665690616.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666519164.00000000029FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666569756.00000000029FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666414938.00000000029FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666414938.00000000029FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com1
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comceu
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comyVr
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1640694318.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1640101862.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.comn
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665290645.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665509940.00000000029F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://www.ip138.com/
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1639409704.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641420883.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641367220.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com2
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1643245032.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comX
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641526017.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641472090.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1643245032.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comcom
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641526017.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641472090.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comn
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: http://www.youku.com/playlist_show/id_25824322.html
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://User-Agent:Mozilla/4.0
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://apis.map.qq.com/jsapi?qt=rgeoc&lnglat=
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://map.baidu.com/?qt=ipLocation&t=
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://map.baidu.com/?qt=ipLocation&t=BAIDUID=B53B7B141370E43029382D2D25B46F28:FG=1;BIDUPSID=B53B7B
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://www.vodip.cn
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: https://www.vodip.cnUser-Agent:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_00485360	0_2_00485360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_004831C0	0_2_004831C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_00741332	0_2_00741332
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_007463B2	0_2_007463B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_0048F8A0	0_2_0048F8A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_0048DA40	0_2_0048DA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_00436A1B	0_2_00436A1B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_004AAB40	0_2_004AAB40

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: String function: 0046CC45 appears 96 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: String function: 0040106F appears 199 times

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.winEXE@1/0@0/0

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	ReversingLabs: Detection: 62%
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Virustotal: Detection: 45%

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: C:\Program Files\RealVNC\VNC Server\vnclicense.exe -add 77NVU-D9G5T-79ESS-V9Y6X-JMVGA
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: C:\Program Files\RealVNC\VNC Server\vnclicense.exe -add 77NVU-D9G5T-79ESS-V9Y6X-JMVGA
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: ","connect-timeout": "5","lowest-speed-limit": "50K","uri-selector":"inorder"}]}result1970-01-01 08:00:00$@vnc.dlltaskkill /IM VNC.DLL /F127.0.0.1C:\Program Files\RealVNC\VNC Server\vncserver.exe\vnc.dll PortNumber=5900 password=\vnc.dll PortNumber=5900 C:\Program Files\RealVNC\VNC Server\vnclicense.exeC:\Program Files\RealVNC\VNC Server\vnclicense.exe -add 77NVU-D9G5T-79ESS-V9Y6X-JMVGAsc start vncserverQ@:\
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: \ssh\daemon.exe -start
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: \ssh\daemon.exe -stop
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: \ssh\daemon.exe -install
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: 121.5.153.139166\ssh\daemon.exeSYSTEM\CurrentControlSet\services\KpyM Telnet SSH Server v1.19c\ImagePath\ssh\daemon.exe -start\ssh\daemon.exe -stop\ssh\daemon.exe -uninstall\ssh\daemon.exe -install\ssh\daemon.exe -rsakey\p2pSYSTEM\CurrentControlSet\services\vod\displaynamep2p
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: 121.5.153.139166\ssh\daemon.exeSYSTEM\CurrentControlSet\services\KpyM Telnet SSH Server v1.19c\ImagePath\ssh\daemon.exe -start\ssh\daemon.exe -stop\ssh\daemon.exe -uninstall\ssh\daemon.exe -install\ssh\daemon.exe -rsakey\p2pSYSTEM\CurrentControlSet\services\vod\displaynamep2p
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	String found in binary or memory: 121.5.153.139166\ssh\daemon.exeSYSTEM\CurrentControlSet\services\KpyM Telnet SSH Server v1.19c\ImagePath\ssh\daemon.exe -start\ssh\daemon.exe -stop\ssh\daemon.exe -uninstall\ssh\daemon.exe -install\ssh\daemon.exe -rsakey\p2pSYSTEM\CurrentControlSet\services\vod\displaynamep2p

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: ssleay32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Section loaded: wintypes.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Static file information: File size 5873664 > 1048576

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x36d000
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x10f000
Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x110000

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_004847B0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,

0_2_004847B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_006F8350 push eax; ret	0_2_006F837E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_007373A0 push eax; ret	0_2_007373CE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_0073AFA4 push eax; ret	0_2_0073AFC2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_004831C0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus,		0_2_004831C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Code function: 0_2_0048C860 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow,		0_2_0048C860

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_00498AA0 sgdt fword ptr [ebp-08h]

0_2_00498AA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

API coverage: 9.0 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_0075DD6B __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,

0_2_0075DD6B

Source: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1688629405.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	API call chain: ExitProcess graph end node			graph_0-59131
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	API call chain: ExitProcess graph end node			graph_0-58838

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_004847B0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,

0_2_004847B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_00454ED3 mov ecx, dword ptr fs:[00000030h]

0_2_00454ED3

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_004741E0 GetProcessHeap,RtlFreeHeap,

0_2_004741E0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_00452A5B cpuid

0_2_00452A5B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Code function: 0_2_0073D028 GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA,

0_2_0073D028

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	62%	ReversingLabs	Win32.Trojan.Generic
SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	46%	Virustotal		Browse
SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
http://baidu.com	0%	Avira URL Cloud	safe
https://www.vodip.cn	0%	Avira URL Cloud	safe
https://map.baidu.com/?qt=ipLocation&t=	0%	Avira URL Cloud	safe
http://www.fontbureau.comceu	0%	Avira URL Cloud	safe
http://www.tiro.com2	0%	Avira URL Cloud	safe
http://www.youku.com/playlist_show/id_25824322.html	0%	Avira URL Cloud	safe
http://www.fontbureau.com1	0%	Avira URL Cloud	safe
https://map.baidu.com/?qt=ipLocation&t=	0%	Virustotal		Browse
http://www.fonts.comn	0%	Avira URL Cloud	safe
http://baidu.com	1%	Virustotal		Browse
http://www.ascendercorp.com/typedesigners.html	0%	Avira URL Cloud	safe
http://ip.3322.net	0%	Avira URL Cloud	safe
http://www.fontbureau.comyVr	0%	Avira URL Cloud	safe
http://www.tiro.comn	0%	Avira URL Cloud	safe
https://www.vodip.cn	0%	Virustotal		Browse
http://www.ip138.com/	0%	Avira URL Cloud	safe
https://map.baidu.com/?qt=ipLocation&t=BAIDUID=B53B7B141370E43029382D2D25B46F28:FG=1;BIDUPSID=B53B7B	0%	Avira URL Cloud	safe
http://www.youku.com/playlist_show/id_25824322.html	0%	Virustotal		Browse
http://127.0.0.1:9695/jsonrpc?tm=	0%	Avira URL Cloud	safe
http://s1.vodip.cn:18080/upload.php------WebKitFormBoundary82XB4u9Ywg0A6zUm	0%	Avira URL Cloud	safe
http://www.tiro.comcom	0%	Avira URL Cloud	safe
https://map.baidu.com/?qt=ipLocation&t=BAIDUID=B53B7B141370E43029382D2D25B46F28:FG=1;BIDUPSID=B53B7B	0%	Virustotal		Browse
https://www.vodip.cnUser-Agent:	0%	Avira URL Cloud	safe
http://www.ascendercorp.com/typedesigners.html	0%	Virustotal		Browse
http://s1.vodip.cn:18080/upload.php------WebKitFormBoundary82XB4u9Ywg0A6zUm	0%	Virustotal		Browse
http://127.0.0.1:9695/jsonrpc?tm=	0%	Virustotal		Browse
http://www.tiro.comX	0%	Avira URL Cloud	safe
http://ip.3322.net	2%	Virustotal		Browse
http://s1.vodip.cn:18080/upload.php	0%	Avira URL Cloud	safe
https://apis.map.qq.com/jsapi?qt=rgeoc&lnglat=	0%	Avira URL Cloud	safe
https://User-Agent:Mozilla/4.0	0%	Avira URL Cloud	safe
http://pan.baidu.com/s/1qWKD5ve	0%	Avira URL Cloud	safe
http://www.ip138.com/	0%	Virustotal		Browse
http://s2.vodip.cn:3001/d%3a/dc8pe.exe	100%	Avira URL Cloud	malware
http://pan.baidu.com/s/1qWKD5ve	0%	Virustotal		Browse
http://s2.vodip.cn:3001/d%3a/dc8pe.exe	2%	Virustotal		Browse
https://apis.map.qq.com/jsapi?qt=rgeoc&lnglat=	0%	Virustotal		Browse
http://s1.vodip.cn:18080/upload.php	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.tiro.com2	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641367220.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://baidu.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.tiro.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641420883.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://map.baidu.com/?qt=ipLocation&t=	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.goodfont.co.kr	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.comceu	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1639409704.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.vodip.cn	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.typography.netD	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665290645.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665509940.00000000029F9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com1	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.youku.com/playlist_show/id_25824322.html	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fonts.comn	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1640101862.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ascendercorp.com/typedesigners.html	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665509940.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1665690616.00000000029FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666519164.00000000029FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666569756.00000000029FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666414938.00000000029FA000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fonts.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1640694318.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ip.3322.net	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sakkal.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	URL Reputation: safe	unknown
http://www.fontbureau.com	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666356861.00000000029F9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1666414938.00000000029FA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comyVr	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1664209390.00000000029F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comn	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641526017.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641472090.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ip138.com/	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://map.baidu.com/?qt=ipLocation&t=BAIDUID=B53B7B141370E43029382D2D25B46F28:FG=1;BIDUPSID=B53B7B	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:9695/jsonrpc?tm=	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s1.vodip.cn:18080/upload.php------WebKitFormBoundary82XB4u9Ywg0A6zUm	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.tiro.comcom	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641526017.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1641472090.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1643245032.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.vodip.cnUser-Agent:	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	Avira URL Cloud: safe	unknown
http://www.tiro.comX	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000003.1643245032.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://s1.vodip.cn:18080/upload.php	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://apis.map.qq.com/jsapi?qt=rgeoc&lnglat=	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers8	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe, 00000000.00000002.1689175204.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://User-Agent:Mozilla/4.0	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	Avira URL Cloud: safe	unknown
http://pan.baidu.com/s/1qWKD5ve	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://s2.vodip.cn:3001/d%3a/dc8pe.exe	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe	false	2%, Virustotal, Browse Avira URL Cloud: malware	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467937
Start date and time:	2024-07-05 05:35:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe
Detection:	MAL
Classification:	mal64.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 65% Number of executed functions: 22 Number of non-executed functions: 116
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtProtectVirtualMemory calls found.

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.502667256778134
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe
File size:	5'873'664 bytes
MD5:	a9166a6cfc62be9a1480a5777de8eb02
SHA1:	1b3b6cfac2e2e373870aad72794f31438ad15dd5
SHA256:	1d26cd221a5fa7ee2ddd98b7067cb134bb8e9480834752cbee042e4be040d108
SHA512:	f19c36bb6265ff77f26d32a9744411c7952f64edfb8cd3f005c52bfe1ab15c635af07505503edef76eb47c8f1d6b88de03f23e0116b0d80dea002f4871fa85bc
SSDEEP:	49152:53imNw5OcAhag+mm92Mb290zMadBZ+s8KuqGaX0ToIBAUZLYoyLtfnlx:Dadmm090zMabSJBAUZLyt/
TLSH:	60465C137410D450E9940F7BD5A2423821AA1B54ECB6C443FB48FEA7BD79623AA5FB0F
File Content Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......%,.laM}?aM}?aM}?.Qq?oM}?.Rv?hM}?.Rw?gM}?.Qs?MM}?7Rn?MM}?gnv?`M}?gnw?5M}?.E ?cM}?aM\|?.O}?.Rn?{M}?.mo?`M}?Wkw?.M}?Wkv?.M}?.Rv?.M}

File Icon


Icon Hash:	1f39796c65418f38

Static PE Info

General

Entrypoint:	0x735a4e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x667E07A0 [Fri Jun 28 00:45:20 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2c4253c65193f2da0d9f1dc83acfe007

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0086E568h
push 00738F4Ch
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [0076E380h]
xor edx, edx
mov dl, ah
mov dword ptr [009E2CECh], edx
mov ecx, eax
and ecx, 000000FFh
mov dword ptr [009E2CE8h], ecx
shl ecx, 08h
add ecx, edx
mov dword ptr [009E2CE4h], ecx
shr eax, 10h
mov dword ptr [009E2CE0h], eax
push 00000001h
call 00007FCAF0CD8F89h
pop ecx
test eax, eax
jne 00007FCAF0CD18CAh
push 0000001Ch
call 00007FCAF0CD1988h
pop ecx
call 00007FCAF0CD8D34h
test eax, eax
jne 00007FCAF0CD18CAh
push 00000010h
call 00007FCAF0CD1977h
pop ecx
xor esi, esi
mov dword ptr [ebp-04h], esi
call 00007FCAF0CD8B62h
call dword ptr [0076E254h]
mov dword ptr [009E4A64h], eax
call 00007FCAF0CD8A20h
mov dword ptr [009E2C58h], eax
call 00007FCAF0CD87C9h
call 00007FCAF0CD870Bh
call 00007FCAF0CD5478h
mov dword ptr [ebp-30h], esi
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [0076E204h]
call 00007FCAF0CD869Ch
mov dword ptr [ebp-64h], eax
test byte ptr [ebp-30h], 00000001h
je 00007FCAF0CD18C8h
movzx eax, word ptr [ebp+00h]

Rich Headers

Programming Language:

[ C ] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) build 8168
[ C ] VS98 (6.0) build 8168
[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x479110	0x1e0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x5e5000	0xc4b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x36e000	0xac4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x36cb5a	0x36d000	3023999a8d0bd37b5d310f4065129e6a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x36e000	0x10e8cc	0x10f000	2eee037a332030e6d7723d22e0de83ab	False	0.6260900743773062	data	7.046661329905445	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x47d000	0x167ad1	0x110000	ef990f27e6b51a9bfa20b795cf873aa8	False	0.43723341997931986	data	5.563189018143252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e5000	0xc4b8	0xd000	133dbfa33bd9121cb1a807d71afe4cc3	False	0.4587214543269231	data	5.4280864851334885	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
TEXTINCLUDE	0x5e5dd4	0xb	ASCII text, with no line terminators	Chinese	China	1.7272727272727273
TEXTINCLUDE	0x5e5de0	0x16	data	Chinese	China	1.3636363636363635
TEXTINCLUDE	0x5e5df8	0x151	C source, ASCII text, with CRLF line terminators	Chinese	China	0.6201780415430267
RT_CURSOR	0x5e5f4c	0x134	data	Chinese	China	0.5811688311688312
RT_CURSOR	0x5e6080	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0x5e61b4	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0x5e62e8	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_BITMAP	0x5e639c	0x16c	Device independent bitmap graphic, 39 x 13 x 4, image size 260	Chinese	China	0.3598901098901099
RT_BITMAP	0x5e6508	0x248	Device independent bitmap graphic, 64 x 15 x 4, image size 480	Chinese	China	0.3407534246575342
RT_BITMAP	0x5e6750	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.4444444444444444
RT_BITMAP	0x5e6894	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.26453488372093026
RT_BITMAP	0x5e69ec	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2616279069767442
RT_BITMAP	0x5e6b44	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2441860465116279
RT_BITMAP	0x5e6c9c	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.24709302325581395
RT_BITMAP	0x5e6df4	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2238372093023256
RT_BITMAP	0x5e6f4c	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.19476744186046513
RT_BITMAP	0x5e70a4	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.20930232558139536
RT_BITMAP	0x5e71fc	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.18895348837209303
RT_BITMAP	0x5e7354	0x5e4	Device independent bitmap graphic, 70 x 39 x 4, image size 1404	Chinese	China	0.34615384615384615
RT_BITMAP	0x5e7938	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0x5e79f0	0x16c	Device independent bitmap graphic, 39 x 13 x 4, image size 260	Chinese	China	0.28296703296703296
RT_BITMAP	0x5e7b5c	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0x5e7ca0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Chinese	China	0.26344086021505375
RT_ICON	0x5e7f88	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.41216216216216217
RT_ICON	0x5e80b0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 0			0.19817073170731708
RT_ICON	0x5e8718	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0			0.3239247311827957
RT_ICON	0x5e8a00	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0			0.5371621621621622
RT_ICON	0x5e8b28	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.6692430703624733
RT_ICON	0x5e99d0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.7527075812274369
RT_ICON	0x5ea278	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0			0.8139400921658986
RT_ICON	0x5ea940	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.6777456647398844
RT_ICON	0x5eaea8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0			0.5547717842323652
RT_ICON	0x5ed450	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0			0.5830206378986866
RT_ICON	0x5ee4f8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0			0.6844262295081968
RT_ICON	0x5eee80	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0			0.7668439716312057
RT_MENU	0x5ef2e8	0xc	data	Chinese	China	1.5
RT_MENU	0x5ef2f4	0x284	data	Chinese	China	0.5
RT_DIALOG	0x5ef578	0x98	data	Chinese	China	0.7171052631578947
RT_DIALOG	0x5ef610	0x17a	data	Chinese	China	0.5185185185185185
RT_DIALOG	0x5ef78c	0xfa	data	Chinese	China	0.696
RT_DIALOG	0x5ef888	0xea	data	Chinese	China	0.6239316239316239
RT_DIALOG	0x5ef974	0x8ae	data	Chinese	China	0.39603960396039606
RT_DIALOG	0x5f0224	0xb2	data	Chinese	China	0.7359550561797753
RT_DIALOG	0x5f02d8	0xcc	data	Chinese	China	0.7647058823529411
RT_DIALOG	0x5f03a4	0xb2	data	Chinese	China	0.6629213483146067
RT_DIALOG	0x5f0458	0xe2	data	Chinese	China	0.6637168141592921
RT_DIALOG	0x5f053c	0x18c	data	Chinese	China	0.5227272727272727
RT_STRING	0x5f06c8	0x50	data	Chinese	China	0.85
RT_STRING	0x5f0718	0x2c	data	Chinese	China	0.5909090909090909
RT_STRING	0x5f0744	0x78	data	Chinese	China	0.925
RT_STRING	0x5f07bc	0x1c4	data	Chinese	China	0.8141592920353983
RT_STRING	0x5f0980	0x12a	data	Chinese	China	0.5201342281879194
RT_STRING	0x5f0aac	0x146	data	Chinese	China	0.6288343558282209
RT_STRING	0x5f0bf4	0x40	data	Chinese	China	0.65625
RT_STRING	0x5f0c34	0x64	data	Chinese	China	0.73
RT_STRING	0x5f0c98	0x1d8	data	Chinese	China	0.6758474576271186
RT_STRING	0x5f0e70	0x114	data	Chinese	China	0.6376811594202898
RT_STRING	0x5f0f84	0x24	data	Chinese	China	0.4444444444444444
RT_GROUP_CURSOR	0x5f0fa8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0x5f0fbc	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0x5f0fd0	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_ICON	0x5f0ff4	0xa0	data			0.625
RT_GROUP_ICON	0x5f1094	0x14	data	Chinese	China	1.2
RT_GROUP_ICON	0x5f10a8	0x14	data	Chinese	China	1.25
RT_VERSION	0x5f10bc	0x22c	data	Chinese	China	0.5197841726618705
RT_MANIFEST	0x5f12e8	0x1cd	XML 1.0 document, ASCII text, with very long lines (461), with no line terminators			0.5878524945770065

Imports

DLL	Import
kernel32.dll	WriteFile, CloseHandle, GetModuleFileNameA, IsBadReadPtr, HeapFree, ReadFile, HeapReAlloc, HeapAlloc, ExitProcess, GetTickCount, GetTempPathA, Sleep, GetLocalTime, GetCurrentDirectoryA, FreeLibrary, LoadLibraryA, LCMapStringA, FlushFileBuffers, MapViewOfFile, LocalSize, CreateFileA, GetProcessHeap, VirtualAlloc, VirtualProtectEx, WideCharToMultiByte, LocalAlloc, lstrlenW, GetFileSize, LCMapStringW, IsBadCodePtr, SetUnhandledExceptionFilter, InterlockedIncrement, InterlockedDecrement, SetFilePointer, GetStringTypeW, GetStringTypeA, GetOEMCP, GetCommandLineA, GetVersion, RtlUnwind, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, GetModuleHandleA, SetStdHandle, RtlMoveMemory, LocalFree, GlobalAlloc, GlobalLock, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, RaiseException, GlobalUnlock, GlobalFree, LoadLibraryW, GetProcAddress, MultiByteToWideChar, CreateFileMappingA, IsBadWritePtr, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCPInfo, GetACP
user32.dll	UpdateLayeredWindow, GetDC, GetWindowRect, GetWindowLongA, MessageBoxA, wsprintfA, GetCursorPos, GetClipboardData, ReleaseDC, TranslateMessage, DispatchMessageA, OpenClipboard, GetSystemMetrics, GetClassNameA, EnumWindows, IsWindow, CallWindowProcA, TrackMouseEvent, PeekMessageA, GetAncestor, GetMessageA, ShowWindow, CreateWindowExA, SendMessageA, EnumChildWindows, GetPropA, SetPropA, CloseClipboard
gdi32.dll	CreateCompatibleDC, SelectObject, DeleteDC, CreateDIBSection, DeleteObject
gdiplus.dll	GdipCreateSolidFill, GdipCreateFromHDC, GdipCreateBitmapFromScan0, GdipGetImageGraphicsContext, GdipDisposeImage, GdiplusStartup, GdipSetSolidFillColor, GdipDrawRectangleI, GdipDeleteBrush, GdipSetTextRenderingHint, GdipGetRegionBounds, GdipLoadImageFromFile, GdipLoadImageFromStream, GdipGetImageWidth, GdipDeletePen, GdipSetSmoothingMode, GdipGetImageHeight
ole32.dll	OleInitialize, OleUninitialize, CLSIDFromString, CoCreateInstance, OleRun, CreateStreamOnHGlobal, CLSIDFromString, CLSIDFromProgID
imm32.dll	ImmSetCompositionWindow, ImmGetContext, ImmAssociateContext, ImmGetCompositionStringW, ImmReleaseContext
shell32.dll	ShellExecuteA, SHAppBarMessage
shlwapi.dll	PathFileExistsA
winmm.dll	PlaySoundA
RASAPI32.dll	RasHangUpA, RasGetConnectStatusA
WINMM.dll	midiOutUnprepareHeader, midiStreamOpen, midiStreamProperty, midiOutPrepareHeader, midiStreamOut, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutOpen, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart
WS2_32.dll	setsockopt, socket, htonl, bind, htons, WSAAsyncSelect, closesocket, send, select, WSAStartup, gethostbyname, inet_ntoa, inet_addr, gethostname, sendto, recvfrom, ioctlsocket, connect, recv, listen, getpeername, accept, __WSAFDIsSet, ntohs, getsockname, WSACleanup
KERNEL32.dll	VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetFileType, SetStdHandle, HeapSize, RaiseException, GetSystemTime, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, LocalReAlloc, GlobalHandle, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, CloseHandle, WaitForSingleObject, CreateProcessA, GetTickCount, GetCommandLineA, MulDiv, GetProcAddress, GetModuleHandleA, GetVolumeInformationA, SetCurrentDirectoryA, GetCurrentDirectoryA, CopyFileA, DeleteFileA, MoveFileA, GetFileAttributesA, SetFileAttributesA, FindClose, FindFirstFileA, GlobalUnlock, GlobalLock, GlobalAlloc, ExpandEnvironmentStringsA, Sleep, CreateEventA, CreateThread, GetPrivateProfileStringA, WritePrivateProfileStringA, GetVersionExA, GetLastError, LoadLibraryA, FreeLibrary, GetFullPathNameA, GetUserDefaultLCID, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, GlobalReAlloc, GetDriveTypeA, FindNextFileA, lstrcpyA, WinExec, lstrlenA, lstrcatA, InitializeCriticalSection, DeleteCriticalSection, GlobalFree, GlobalSize, ExitProcess, GetCurrentThreadId, GetModuleFileNameA, lstrlenW, ReadFile, LockResource, LoadResource, FindResourceA, SetEvent, DeviceIoControl, CreateFileA, WaitForMultipleObjects, WriteFile, GetProfileStringA, LeaveCriticalSection, EnterCriticalSection, ReleaseSemaphore, ResumeThread, CreateSemaphoreA, GetWindowsDirectoryA, SetSystemPowerState, GetCurrentProcess, MultiByteToWideChar, WideCharToMultiByte, FileTimeToSystemTime, GetTimeZoneInformation, SetLastError, SetFilePointer, GetFileSize, TerminateProcess, GetLocaleInfoA, GetVersion, GetACP, SetNamedPipeHandleState, WaitNamedPipeA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, OpenEventA, TlsAlloc, TlsFree, TlsSetValue, TlsGetValue, InterlockedIncrement, InterlockedDecrement, SetEnvironmentVariableW, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsValidLocale, IsValidCodePage, EnumSystemLocalesA, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, GetLocaleInfoW, InterlockedExchange, VirtualProtect, VirtualQuery, GetSystemInfo, InterlockedCompareExchange, lstrcmpiA, GetStringTypeExA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, LocalFree, GetLocalTime
USER32.dll	GetDesktopWindow, GetClassNameA, GetDlgItem, FindWindowExA, UnregisterClassA, CallWindowProcA, CreateWindowExA, RegisterHotKey, UnregisterHotKey, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, WaitForInputIdle, EnumDisplaySettingsA, LoadImageA, SystemParametersInfoA, TranslateMessage, IsWindowEnabled, TranslateAcceleratorA, SetWindowTextA, ExitWindowsEx, GetForegroundWindow, GetWindowRect, LoadIconA, DrawFrameControl, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterWindowMessageA, GetLastActivePopup, GetMessageTime, RemovePropA, GetPropA, UnhookWindowsHookEx, SetPropA, GetClassLongA, CallNextHookEx, SetWindowsHookExA, GetMenuItemID, GetMenuItemCount, RegisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA, ScrollWindowEx, IsDialogMessageA, MoveWindow, CheckMenuItem, SetMenuItemBitmaps, GetMenuState, GetMenuCheckMarkDimensions, LoadStringA, RegisterClipboardFormatA, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ShowWindow, ClientToScreen, GetSysColorBrush, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, GetWindowTextA
GDI32.dll	LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, ExtSelectClipRgn, GetViewportExtEx, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextMetricsA, RoundRect, GetTextExtentPoint32A, GetCurrentObject, DPtoLP, LPtoDP, Rectangle, Ellipse, CreateCompatibleDC, GetPixel, BitBlt, StartPage, StartDocA, DeleteDC, TranslateCharsetInfo, CreateFontA, SetBkColor, CreateRectRgnIndirect, CreateDIBSection, SetPixel, ExtCreateRegion, SetStretchBltMode, GetClipRgn, CreatePolygonRgn, EndDoc, EndPage, GetObjectA, GetStockObject, CreateFontIndirectA, CreateSolidBrush, FillRgn, CreateRectRgn, SelectClipRgn, DeleteObject, CreateDIBitmap, GetSystemPaletteEntries, CreatePalette, StretchBlt, SelectPalette, CombineRgn, PatBlt, CreatePen, RealizePalette, GetDIBits, GetWindowExtEx, GetViewportOrgEx, GetWindowOrgEx, BeginPath, EndPath, PathToRegion, CreateEllipticRgn, CreateRoundRectRgn, GetTextColor, SelectObject, CreateBitmap, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetDeviceCaps
WINSPOOL.DRV	DocumentPropertiesA, OpenPrinterA, ClosePrinter
ADVAPI32.dll	RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCreateKeyA, RegEnumValueA, RegCreateKeyExA, RegQueryValueA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken
SHELL32.dll	Shell_NotifyIconA, ShellExecuteA, DragAcceptFiles, DragFinish, DragQueryFileA
OLEAUT32.dll	UnRegisterTypeLib, LoadTypeLib, LHashValOfNameSys, RegisterTypeLib, SafeArrayCreate, SafeArrayDestroy, SysAllocString, VariantInit, VariantCopyInd, SafeArrayGetElement, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear, VariantCopy, SafeArrayPutElement
COMCTL32.dll	ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_EndDrag
WSOCK32.dll	shutdown, getservbyname, WSAGetLastError
WININET.dll	InternetOpenA, InternetCloseHandle, InternetSetOptionA, InternetConnectA, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, HttpOpenRequestA, InternetCrackUrlA, InternetCanonicalizeUrlA
comdlg32.dll	ChooseFontA, GetOpenFileNameA, GetSaveFileNameA, GetFileTitleA, ChooseColorA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China

Target ID:	0
Start time:	23:35:52
Start date:	04/07/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe"
Imagebase:	0x400000
File size:	5'873'664 bytes
MD5 hash:	A9166A6CFC62BE9A1480A5777DE8EB02
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	24.3%
Total number of Nodes:	762
Total number of Limit Nodes:	22

Executed Functions

Function 00485360 Relevance: 18.3, APIs: 12, Instructions: 273
threadwindownetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00485385
IsWindow.USER32(00000000), ref: 004853A1
SendMessageA.USER32(00000000,000083E7,?,00000000), ref: 004853BA
ExitProcess.KERNEL32 ref: 004853CF
FreeLibrary.KERNEL32(?), ref: 004854B3
FreeLibrary.KERNEL32 ref: 00485507
DestroyCursor.USER32(00000000), ref: 00485557
DestroyCursor.USER32(00000000), ref: 0048556E
IsWindow.USER32(00000000), ref: 00485585
DestroyCursor.USER32(?), ref: 00485634
WSACleanup.WS2_32 ref: 0048567F

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroy$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
String ID:
API String ID: 2560087610-0
Opcode ID: 680cf71918d0b17e3dffabfee1b52620124dcdc19bf21c25344932fe2cd9f9fe
Instruction ID: 2130f70b9fecb6af99ff42e131329c5431f9718f20096fc677868dc608e98feb
Opcode Fuzzy Hash: 680cf71918d0b17e3dffabfee1b52620124dcdc19bf21c25344932fe2cd9f9fe
Instruction Fuzzy Hash: 0EB17BB0200B019FC724EF65C8C5BAFB7E5BF48300F50492EE59A97291DB78B985CB59

Function 004E1B4F Relevance: 16.7, APIs: 7, Strings: 2, Instructions: 999libraryloaderwindowCOMMON

Download Yara Rule

APIs

GdiplusStartup.GDIPLUS(008C60DE,00000000,00000000), ref: 004E1BC6
LoadLibraryW.KERNELBASE(?,?), ref: 004E1C14
GetProcAddress.KERNEL32(?,AlphaBlend), ref: 004E1C4E
CreateSolidBrush.GDI32(00000000), ref: 004E1C81
LoadCursorA.USER32(00000000,00007F00), ref: 004E1CAF
GdipCreateBitmapFromScan0.GDIPLUS(00000001,00000001,00000000,0026200A,00000000,008C60EA), ref: 004E1CFE
GdipGetImageGraphicsContext.GDIPLUS(008C60EE), ref: 004E1D28

Strings

AlphaBlend, xrefs: 004E1C46
msimg32.dll, xrefs: 004E1BE2

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateGdipLoad$AddressBitmapBrushContextCursorFromGdiplusGraphicsImageLibraryProcScan0SolidStartup
String ID: AlphaBlend$msimg32.dll
API String ID: 1361348269-3639726679
Opcode ID: 7c5e9608031849df3ad491afbd5518d93e27c8680defedf8300a2b084f276baa
Instruction ID: df29ebcb1c83c1c0ec0965c95258dddef1b85fa0b028d24e219946e28b1c355a
Opcode Fuzzy Hash: 7c5e9608031849df3ad491afbd5518d93e27c8680defedf8300a2b084f276baa
Instruction Fuzzy Hash: 2A6271B1D41349ABDB10DFA1ED47BBFB675BF05302F14102AF10576291E7B58A20CBAA

Function 004847B0 Relevance: 15.3, APIs: 10, Instructions: 281
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,00987414), ref: 00484817
LoadLibraryA.KERNEL32(?,?,00999030), ref: 00484907
LoadLibraryA.KERNELBASE(?,?), ref: 0048494D
LoadLibraryA.KERNELBASE(?,?,00998F38,00000001), ref: 00484995
LoadLibraryA.KERNELBASE(00000001), ref: 004849AB
GetProcAddress.KERNEL32(00000000,?), ref: 004849BD
FreeLibrary.KERNEL32(00000000), ref: 00484A50

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$Load$AddressProc$Free
String ID:
API String ID: 3120990465-0
Opcode ID: 7085cb060b48073513eab062b3d225731433f8a2217a3b8d17b2120c82610a13
Instruction ID: b0a4cadd093de02aff1bb03b01eac22b811c19240a9f70cdfc651285b9ed0d6b
Opcode Fuzzy Hash: 7085cb060b48073513eab062b3d225731433f8a2217a3b8d17b2120c82610a13
Instruction Fuzzy Hash: 6DA1A2B56007429FC724EF68C885BABB3A8FF88314F044A1EF95587341E738E905CB95

Function 004E2FBF Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingA.KERNEL32(FFFFFFFF,00000000,00000004,00000000,00000004,00000000), ref: 004E306B
MapViewOfFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004E30AC

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$CreateMappingView
String ID:
API String ID: 3452162329-0
Opcode ID: 9e479160fe60cf92e761ee895977993ef5bb6a3acf289709b65d4f58f9cafa8f
Instruction ID: ffebbdc901874d576c6ff8be3228c1e538887e24fd2aae2ac4ac70904725165e
Opcode Fuzzy Hash: 9e479160fe60cf92e761ee895977993ef5bb6a3acf289709b65d4f58f9cafa8f
Instruction Fuzzy Hash: 59217C70D01248FBEF119F92DC0A7AEBB70AB05302F248099E2003A290D77A4A64DB5D

Function 004741E0 Relevance: 3.0, APIs: 2, Instructions: 37
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,?,00474178,?,?,?,?,00473FF6,00000000,?,?,?,0046FE22,?,000007DB), ref: 00474229
RtlFreeHeap.NTDLL(00CB0000,00000000,?,00000000,?,00474178,?,?,?,?,00473FF6,00000000,?,?,?,0046FE22), ref: 00474238

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 773f07bc38e48ae654142910a12afeae2cae930c59ebe4c0fd6c537fbcd3af75
Instruction ID: e42c27db617fc62c757b706a6f23b2d6ca6f5e584c4a0d6455cdc3fe96040250
Opcode Fuzzy Hash: 773f07bc38e48ae654142910a12afeae2cae930c59ebe4c0fd6c537fbcd3af75
Instruction Fuzzy Hash: 0CF0C2362002019BC710CB69EA04A97B76AEBD1B15F05C4ABE549CB215D774E812CBA4

Function 004E2EDB Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 004E2F05

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentProcess
String ID:
API String ID: 2050909247-0
Opcode ID: e608202aabf8dcaf1ac7322eb06e204baf814bc58c83347da8da794debbf12a3
Instruction ID: 4b471b3bd92beb6ed8ef1c7c371c08a095c8c458fe711d58ef0fb4ae7934832d
Opcode Fuzzy Hash: e608202aabf8dcaf1ac7322eb06e204baf814bc58c83347da8da794debbf12a3
Instruction Fuzzy Hash: 1A11D6F1E01344ABEF10EFA19D82B6F767CEF14305F040429FA0576383E6B65A20875A

Function 00766D6F Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(009E28E0,009E28B4,00000000,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766D7E
GlobalAlloc.KERNELBASE(00002002,00000000,?,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766DD3
GlobalHandle.KERNEL32(00CC2620), ref: 00766DDC
GlobalUnlock.KERNEL32(00000000,?,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766DE5
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00766DF7
GlobalHandle.KERNEL32(00CC2620), ref: 00766E0E
GlobalLock.KERNEL32(00000000,?,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766E15
LeaveCriticalSection.KERNEL32(.[s,?,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766E1B
GlobalLock.KERNEL32(00000000,?,?,009E28C4,009E28C4,0076710A,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000), ref: 00766E2A
LeaveCriticalSection.KERNEL32(?), ref: 00766E73

Strings

.[s, xrefs: 00766E17

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
String ID: .[s
API String ID: 2667261700-1573983969
Opcode ID: 63126499208e1b9e70678b4f0c114c9652fe8ac6b40a2517d5c7554bf61b872b
Instruction ID: 2c2a5b8395f74f5203a59a143e000c60254b0376001761f8c1bd1bf9d66111f2
Opcode Fuzzy Hash: 63126499208e1b9e70678b4f0c114c9652fe8ac6b40a2517d5c7554bf61b872b
Instruction Fuzzy Hash: FD3172753007059FDB249F28DC99A6AB7E9FF44301B004A2DF957C7661E7B9EC048B20

Function 004AB9A0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
commemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 004AB9C9
OleInitialize.OLE32(00000000), ref: 004ABA05
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004ABA23
SetCurrentDirectoryA.KERNEL32(028056D8,?), ref: 004ABA7D
LoadCursorA.USER32(00000000,00007F00), ref: 004ABAD8
GetStockObject.GDI32(00000005), ref: 004ABAF9
GetCurrentThreadId.KERNEL32 ref: 004ABB21

Strings

_EL_HideOwner, xrefs: 004ABB03
8#w, xrefs: 004ABC15, 004ABC40

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
String ID: 8#w$_EL_HideOwner
API String ID: 3783217854-917855970
Opcode ID: 710132b98e85d38b8c7ae70ce95573a2df484962243dc734a14815d03f9f6a26
Instruction ID: 8a536608f4f4a8af838898028604fb4c93b58c48068bd3bf90b4a5e47a97385e
Opcode Fuzzy Hash: 710132b98e85d38b8c7ae70ce95573a2df484962243dc734a14815d03f9f6a26
Instruction Fuzzy Hash: BCE1E370A00205DBDB14DFA8DC81FEE77B4FF55304F14806EE906A7292DB786945CBA9

Function 00767A01 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(00000000,?,00000104,?,?), ref: 00767A32

Part of subcall function 00767B1E: lstrlenA.KERNEL32(00000104,00000000,?,00767A62), ref: 00767B55

lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00767AD3
lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00767B00

Strings

.HLP, xrefs: 00767ACD
.INI, xrefs: 00767AFA

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileModuleNamelstrcatlstrcpylstrlen
String ID: .HLP$.INI
API String ID: 2421895198-3011182340
Opcode ID: 6b826177dcb24c7ee82d641f8cdd0f0b4d379063e45d3c77f79dedb5b0403566
Instruction ID: a90d96c87384d4b7864ae0053d8db121f1caf24637fe89d9e3b6f0f9cd377025
Opcode Fuzzy Hash: 6b826177dcb24c7ee82d641f8cdd0f0b4d379063e45d3c77f79dedb5b0403566
Instruction Fuzzy Hash: 7D3185B5504719DFDB21DBB4C885B86B7FCFF04304F10496AE58AD7142DB78AA84CB60

Function 006ECFC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(006F0038,006EFD92,00000000,00000000,00000000,006EFD91,00000000,?,?,?,0088AACE,?,000009DC,00000000,?,006ED1E4), ref: 006ECFC9
RtlAllocateHeap.NTDLL(00CB0000,00000008,?,00000000,006F0038,006EFD92,00000000,00000000,00000000,006EFD91,00000000,?,?,?,0088AACE), ref: 006ECFDD
MessageBoxA.USER32(00000000,008C682E,error,00000010), ref: 006ECFF6

Strings

error, xrefs: 006ECFEB

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocateMessageProcess
String ID: error
API String ID: 2992861138-1574812785
Opcode ID: 9069389ca717d50db919636feca35a12cc8cb2dcc047987f57f68419b49404dd
Instruction ID: 3f155a17e54546ffc4ee7b434f3b2273cb86893a871229a7d25ef0abdda7cd56
Opcode Fuzzy Hash: 9069389ca717d50db919636feca35a12cc8cb2dcc047987f57f68419b49404dd
Instruction Fuzzy Hash: CAE0D875A413517BDA205B64AC0EF8B3AB5FF04791F014434F442D3340FAB8D80197A9

Function 0076799E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000000,00000000,00763349,00000000,00000000,00000000,00000000,?,00000000,?,0075A899,00000000,00000000,00000000,00000000,00735B2E), ref: 007679A7
SetErrorMode.KERNELBASE(00000000,?,00000000,?,0075A899,00000000,00000000,00000000,00000000,00735B2E,00000000), ref: 007679AE

Part of subcall function 00767A01: GetModuleFileNameA.KERNELBASE(00000000,?,00000104,?,?), ref: 00767A32
Part of subcall function 00767A01: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00767AD3
Part of subcall function 00767A01: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00767B00

Strings

.[s, xrefs: 007679DC

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
String ID: .[s
API String ID: 3389432936-1573983969
Opcode ID: cb3aacb499eafdd949492d3a19dc118ff0654793bde06568a1b979f22bc0f929
Instruction ID: b8f330dbedf2778db040376eaca1433d56be1877d54e561f1f9d156bc7a10459
Opcode Fuzzy Hash: cb3aacb499eafdd949492d3a19dc118ff0654793bde06568a1b979f22bc0f929
Instruction Fuzzy Hash: D9F049B4908310CFC714EF24D859B1D7BE8AF44710F15848AF84A8B3A2CB78D845CBA6

Function 00762098 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 007620AB
SetWindowsHookExA.USER32(000000FF,V[G,00000000,00000000), ref: 007620BB

Part of subcall function 0076716B: __EH_prolog.LIBCMT ref: 00767170

Strings

V[G, xrefs: 007620B4

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologHookThreadWindows
String ID: V[G
API String ID: 2183259885-4176574820
Opcode ID: 58cc11419ee50dd4cff939b34ced724175c4660a596c21ba5958d3ae25b3b363
Instruction ID: d9bf3534481257f82d98b78141d7342f341f39f14522f602960810690a9af1f1
Opcode Fuzzy Hash: 58cc11419ee50dd4cff939b34ced724175c4660a596c21ba5958d3ae25b3b363
Instruction Fuzzy Hash: 76F0A071404754EBC7352B70AD0DB197690AB00760F540614FD83566E3CAAC8C86C365

Function 0048E5A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 7
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,|KH,0088193C,00000010), ref: 0048E5AE

Strings

|KH, xrefs: 0048E5A0, 0048E5AB

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: |KH
API String ID: 2030045667-3374323530
Opcode ID: b741bd9d97c8519eeedaecf6877e1bb25bcc1a249fb5245b2cf0c368080af77f
Instruction ID: 1eb0984ccbe7ea2923de4510a2443e01dc111b309ee723b6f72aab693f81ac63
Opcode Fuzzy Hash: b741bd9d97c8519eeedaecf6877e1bb25bcc1a249fb5245b2cf0c368080af77f
Instruction Fuzzy Hash: 6CB012383843007BED00A750DD0AF173A58E744F01F408400F246D81C3D6E458109B35

Function 00473FE0 Relevance: 3.1, APIs: 2, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f059ea3d25caacdff1341837c3bc01f8fef394fa70a8a8a3f5d57dea8cdf47
Instruction ID: 8b3ee1e977eb98c8b1f5b5d0a94d29a4a890e76a856230750d410c5482605cf1
Opcode Fuzzy Hash: 25f059ea3d25caacdff1341837c3bc01f8fef394fa70a8a8a3f5d57dea8cdf47
Instruction Fuzzy Hash: A2213CB66007408FE720DF6AD884A97B7E8FBD0715B10C92FE25AC7250D775E815CB64

Function 0073D170 Relevance: 3.0, APIs: 2, Instructions: 30
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,00735AAC,00000001), ref: 0073D181

Part of subcall function 0073D028: GetVersionExA.KERNEL32 ref: 0073D047

HeapDestroy.KERNEL32 ref: 0073D1C0

Part of subcall function 00740AE1: HeapAlloc.KERNEL32(00000000,00000140,0073D1A9,000003F8), ref: 00740AEE

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: 39f76468162a53844569274d6279a1144a5268aad58e3a6c94fe75d9998f048c
Instruction ID: 4827748a8f8ca57e485cea76f2a3433789b1fc5d02a90fc26fbb04531084ade2
Opcode Fuzzy Hash: 39f76468162a53844569274d6279a1144a5268aad58e3a6c94fe75d9998f048c
Instruction Fuzzy Hash: A2F065B4664349ABFF347B30BC8A72936949740B52F118425F401CD1E2EBBCCD81A912

Function 0075F1EA Relevance: 3.0, APIs: 2, Instructions: 25
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007670D6: TlsGetValue.KERNEL32(009E28C4,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A,?,00000000,?,0075A899,00000000,00000000,00000000,00000000), ref: 00767115

GetCurrentThreadId.KERNEL32 ref: 0075F20C
SetWindowsHookExA.USER32(00000005,0075EFF4,00000000,00000000), ref: 0075F21C

Part of subcall function 0075B0DC: __EH_prolog.LIBCMT ref: 0075B113
Part of subcall function 0075B0DC: lstrcpynA.KERNEL32(?,?,00000104), ref: 0075B200

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologHookThreadValueWindowslstrcpyn
String ID:
API String ID: 1958425692-0
Opcode ID: 985e33142d1097572207bc7d7969087df932916c3deb5d11784fc52de6e1ae6a
Instruction ID: e33892a9d27fcda19895e20011dce98c29216e3b64bd2b2589924003c455a13f
Opcode Fuzzy Hash: 985e33142d1097572207bc7d7969087df932916c3deb5d11784fc52de6e1ae6a
Instruction Fuzzy Hash: 31E09BB96007109FD3305B629C09B5B76E4EB90B12F00453DED5A81180D6F89809CB76

Function 007376E5 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 007377CC

Part of subcall function 0073F834: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0073868B,00000009,00000000,00000000,00000001,0073CFB9,00000001,00000074,?,?,00000000,00000001), ref: 0073F871
Part of subcall function 0073F834: EnterCriticalSection.KERNEL32(?,?,?,0073868B,00000009,00000000,00000000,00000001,0073CFB9,00000001,00000074,?,?,00000000,00000001), ref: 0073F88C

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: db85a5566148b1c0b1b019171ed7f4810a3573875b43e6d6a888e5ed84a4a847
Instruction ID: 09e0ab2cf8ef9031796afd8b396457abe317c1cf570bb1c37743f2993cb8d90e
Opcode Fuzzy Hash: db85a5566148b1c0b1b019171ed7f4810a3573875b43e6d6a888e5ed84a4a847
Instruction Fuzzy Hash: 4521D8B2A08205EBFB24EF64DC86B9D77B4EB00B60F144516F411EB2D2D77CA941CA54

Function 006F1783 Relevance: 1.6, APIs: 1, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,006ED1D5,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F186A

Part of subcall function 006F6CB5: InitializeCriticalSection.KERNEL32(00000000,008C68EE,00000010,?,006F181C,00000009,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F6CF2
Part of subcall function 006F6CB5: EnterCriticalSection.KERNEL32(00000010,00000010,?,006F181C,00000009,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F6D0D

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: b39a9fa8d9f8fe167d46e8fe47434da79a5d808ff4bbafd0d317f5e05f54a535
Instruction ID: d85724b7855addeb588347d6a15c85ca540a165240db778ca9e344536df199dc
Opcode Fuzzy Hash: b39a9fa8d9f8fe167d46e8fe47434da79a5d808ff4bbafd0d317f5e05f54a535
Instruction Fuzzy Hash: 6B219532A0020DEBDB10EB69DD42BEE77A6FB027E0F14452AF671EF2C1D77499418A54

Function 0075F278 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(00000000,00000080,004ABB21,?,?,?,?,?,?,?,?,?), ref: 0075F316

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 54cb679cdfbdeac1c0bce39d2b44c7eb52dac1727470d5d05e43046c79b6350c
Instruction ID: 7f6b54f18cc8a3932b577dd5c019d2d30ddfb135a9c091d2121dd8a5b0c340a7
Opcode Fuzzy Hash: 54cb679cdfbdeac1c0bce39d2b44c7eb52dac1727470d5d05e43046c79b6350c
Instruction Fuzzy Hash: 53318979A00219EFCF01DFA8C844ADEBBF1BF4C310B118069F919E7210E7399A519FA0

Function 0075F567 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,00000000,00000000,?,?,?,0075F3F0,00998E60,?,00481B6C), ref: 0075F594

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 1216ea0d541f92f5c36384889395e5aa7c16032da7dcd7cebdc74e330ef9e201
Instruction ID: d7e3b59943e562275e540f47684b720dd3082655dd2c4cd8b5706ae0e5780ccb
Opcode Fuzzy Hash: 1216ea0d541f92f5c36384889395e5aa7c16032da7dcd7cebdc74e330ef9e201
Instruction Fuzzy Hash: DDF08C31205601CFDB296E26E849A9A7BB5AF80717B01457DE802CB261EBA8DD59CA50

Function 00762C05 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

LoadStringA.USER32(?,?,?,?), ref: 00762C1C

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: 84a2eed3f2bf4f7101937383de3081fb23c0f5fb6d8d754d20db0b193c8fc56d
Instruction ID: 1b527243b161e028b15159ffa4c55e6e9d7ca220daef747da9efde97ac93a0f1
Opcode Fuzzy Hash: 84a2eed3f2bf4f7101937383de3081fb23c0f5fb6d8d754d20db0b193c8fc56d
Instruction Fuzzy Hash: F2D0A7760093A1DBC741DF50CC08C4FBBA4BF64310B048C0DF88183111C324C419C772

Function 0048D060 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

Part of subcall function 00485360: GetCurrentThreadId.KERNEL32 ref: 00485385
Part of subcall function 00485360: IsWindow.USER32(00000000), ref: 004853A1
Part of subcall function 00485360: SendMessageA.USER32(00000000,000083E7,?,00000000), ref: 004853BA
Part of subcall function 00485360: ExitProcess.KERNEL32 ref: 004853CF

ExitProcess.KERNEL32 ref: 0048D075

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExitProcess$CurrentMessageSendThreadWindow
String ID:
API String ID: 821200049-0
Opcode ID: 95bde00c274778cf8f827cbaa61f4629d1994cd1d82796ef2d9282ca16cc4b85
Instruction ID: 7d4f053531705ab54f6b064335c907cfaf4c72a5c0de34e724d568bd30168bca
Opcode Fuzzy Hash: 95bde00c274778cf8f827cbaa61f4629d1994cd1d82796ef2d9282ca16cc4b85
Instruction Fuzzy Hash: 4CC04C7511030C6BC714BB99C85589E37DDAB48640B40441CBA0687241CE74F94087A5

Non-executed Functions

Function 004831C0 Relevance: 53.5, APIs: 29, Strings: 1, Instructions: 979windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00483232
IsIconic.USER32(?), ref: 0048326A
SetActiveWindow.USER32(?), ref: 00483293
IsWindow.USER32(?), ref: 004832BD
IsWindow.USER32(?), ref: 0048358E
DestroyAcceleratorTable.USER32(?), ref: 004836DE
DestroyMenu.USER32(?), ref: 004836E9
DestroyAcceleratorTable.USER32(?), ref: 00483703
DestroyMenu.USER32(?), ref: 00483712
DestroyAcceleratorTable.USER32(?), ref: 00483772
DestroyMenu.USER32(?,000003EA,00000000,00000000,?,?,00000000,?,?,?,000007D9,00000000,00000000), ref: 00483781
SetParent.USER32(?,?), ref: 00483803
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0048391B
IsWindow.USER32(?), ref: 00483A4C
SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 00483A61
SendMessageA.USER32(?,00008004,00000000,00000000), ref: 00483A7E
DestroyAcceleratorTable.USER32(?), ref: 00483ACC
IsWindow.USER32(?), ref: 00483B41
IsWindow.USER32(?), ref: 00483B91
IsWindow.USER32(?), ref: 00483BE1
IsWindow.USER32(?), ref: 00483C1E
IsWindow.USER32(?), ref: 00483CA1
GetParent.USER32(?), ref: 00483CAF
GetFocus.USER32 ref: 00483CF0

Part of subcall function 004830B0: IsWindow.USER32(?), ref: 0048312B
Part of subcall function 004830B0: GetFocus.USER32 ref: 00483135
Part of subcall function 004830B0: IsChild.USER32(?,00000000), ref: 00483147

IsWindow.USER32(?), ref: 00483D4F
SendMessageA.USER32(?,00008076,00000000,00000000), ref: 00483D64
IsWindow.USER32(00000000), ref: 00483D77
GetFocus.USER32 ref: 00483D81
SetFocus.USER32(00000000), ref: 00483D8C

Strings

d, xrefs: 004831D3

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Destroy$AcceleratorFocusTable$MenuMessageSend$Parent$ActiveChildIconic
String ID: d
API String ID: 3681805233-2564639436
Opcode ID: c4b0aed9d64e424c79fe65fa54d76721ddd74353857f054382ea8af6d61369dd
Instruction ID: 04f72ebc82363a10d741344caa3a142e9465a3ba64d0fe85ae323a8580e10943
Opcode Fuzzy Hash: c4b0aed9d64e424c79fe65fa54d76721ddd74353857f054382ea8af6d61369dd
Instruction Fuzzy Hash: 377290B56043009BD324EF65C881B6FB7E9AFC4B04F04891EF94997341DB78E945CBAA

Function 004D2EF5 Relevance: 32.2, APIs: 11, Strings: 7, Instructions: 714COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,?,00000000,?,004DAF14,00000007,00000000,00000000,?), ref: 004D2F3E
CreateWindowExA.USER32(00000000,?,0088AAD6,00000000,00000007,004DAF14,?,00000000,?,00000000,?), ref: 004D3198
SetPropA.USER32(?,hDesignWnd,00000000), ref: 004D3234
SetPropA.USER32(?,dwUnitID,00000000), ref: 004D3274
SetPropA.USER32(?,dwWinFormID,00000000), ref: 004D32B4
SetPropA.USER32(?,dwUnitBmpID,00000000), ref: 004D32E9
SetPropA.USER32(?,hUnit,00000000), ref: 004D3326
SetPropA.USER32(?,hParentWnd,00000000), ref: 004D3370
SetPropA.USER32(?,0088AB1C,?), ref: 004D3429
GetPropA.USER32(?,0088AB35), ref: 004D362F

Part of subcall function 004D4487: GetWindowRect.USER32(?,00000000), ref: 004D44C6

SetPropA.USER32(?,pUnitInfo,00000000), ref: 004D37AE

Strings

hParentWnd, xrefs: 004D3366
pUnitInfo, xrefs: 004D37A4
dwUnitBmpID, xrefs: 004D32DF
dwUnitID, xrefs: 004D326A
dwWinFormID, xrefs: 004D32AA
hUnit, xrefs: 004D331C
hDesignWnd, xrefs: 004D322A

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop$Window$CreateHandleModuleRect
String ID: dwUnitBmpID$dwUnitID$dwWinFormID$hDesignWnd$hParentWnd$hUnit$pUnitInfo
API String ID: 3483918016-49895494
Opcode ID: 61fc2b4c01e758fe822b8ac85ef56465bdd6d5bc7b2158669a4940f039c6ac0f
Instruction ID: fae0498744adfdc21c87df056e4ad2820d6b37af2a6e22a4a2a44df2a7512517
Opcode Fuzzy Hash: 61fc2b4c01e758fe822b8ac85ef56465bdd6d5bc7b2158669a4940f039c6ac0f
Instruction Fuzzy Hash: 67522A71D00209EBDF01DF95DD82BAEBB71FF09305F14406AF60476291D3769A60DB6A

Function 004DAA25 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 232COMMON

Download Yara Rule

APIs

GetPropA.USER32(00000000,pUnitInfo), ref: 004DAA6C
GetPropA.USER32(00000000,hUnit), ref: 004DAAA0
SetPropA.USER32(00000000,pUnitInfo,00000000), ref: 004DAACF
SetPropA.USER32(00000000,hUnit,00000000), ref: 004DAAFB
GetPropA.USER32(00000000,0088AF6F), ref: 004DAB22
GetPropA.USER32(00000000,0088AEBE), ref: 004DAB56
SetPropA.USER32(00000000,0088AEB5,00000002), ref: 004DABA3
SetPropA.USER32(00000000,0088AF6F,00000001), ref: 004DAC4F
GetPropA.USER32(00000000,dwWinFormID), ref: 004DAC80
GetPropA.USER32(00000000,dwUnitID), ref: 004DACAA

Strings

pUnitInfo, xrefs: 004DAA64, 004DAAC7
dwUnitID, xrefs: 004DACA2
dwWinFormID, xrefs: 004DAC78
hUnit, xrefs: 004DAA98, 004DAAF3

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop
String ID: dwUnitID$dwWinFormID$hUnit$pUnitInfo
API String ID: 257714900-4148580093
Opcode ID: f0017af707e83237a20590387ea4bf167fbc226bec20935a7b46c00fc1e5299b
Instruction ID: ae8ac118262359d52ee6cc73c67d7cf6eb98f0ffeba92e6615d2506b8f4ae793
Opcode Fuzzy Hash: f0017af707e83237a20590387ea4bf167fbc226bec20935a7b46c00fc1e5299b
Instruction Fuzzy Hash: 45714EB0D41309EBDB00AF91DD56BBEBA75EF05301F109027F10576291D7798A60CBAB

Function 0048C860 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 93libraryloaderwindowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0048C86C
IsZoomed.USER32(?), ref: 0048C87A
LoadLibraryA.KERNEL32(User32.dll,00000003,00000009), ref: 0048C8A4
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0048C8B7
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0048C8C5
FreeLibrary.KERNEL32(00000000), ref: 0048C8FB
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0048C911
IsWindow.USER32(?), ref: 0048C93E
ShowWindow.USER32(?,00000005,?,?,?,?,00000004), ref: 0048C94B

Strings

H, xrefs: 0048C8E8
MonitorFromWindow, xrefs: 0048C8B1
User32.dll, xrefs: 0048C899
GetMonitorInfoA, xrefs: 0048C8BD

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryProcWindow$FreeIconicInfoLoadParametersShowSystemZoomed
String ID: GetMonitorInfoA$H$MonitorFromWindow$User32.dll
API String ID: 447426925-661446951
Opcode ID: 5a17cc729274ebc8b58092dc04b007b5a2749d488c7b6af740bdc6ba1127ee56
Instruction ID: f9ad9e62a680e5f5f9a44e9060f018362db0f7b9dcddd7ee76385ecee19b01de
Opcode Fuzzy Hash: 5a17cc729274ebc8b58092dc04b007b5a2749d488c7b6af740bdc6ba1127ee56
Instruction Fuzzy Hash: D8317175740302AFD710AF65DC4DF2B77A9EF84B41F04891DF902A6280EBB8E8058779

Function 00436A1B Relevance: 22.7, Strings: 16, Instructions: 2738COMMON

Download Yara Rule

Strings

\s*?([\d\.A-Z]*)\s*?\d*%\s*?(\/mnt\/DISK[^\n\r]*), xrefs: 00438269
(x, xrefs: 00437C64
2(x, xrefs: 004374E4
/mnt/DISK, xrefs: 0043816E
File exists, xrefs: 0043735F
100%, xrefs: 004371BB
Password: , xrefs: 00437CAC
login: , xrefs: 00437AEE
\vod.ini, xrefs: 00437222, 004373BC, 00437559, 004376F6
A(x, xrefs: 00437681
G, xrefs: 00438BA2
123456, xrefs: 00437D3C
root, xrefs: 00437BD8
R(x, xrefs: 004377F6
df -h, xrefs: 00437F07, 00438040
123456, xrefs: 00437DD0

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: /mnt/DISK$100%$123456$123456$2(x$A(x$File exists$G$Password: $R(x$\s*?([\d\.A-Z]*)\s*?\d*%\s*?(\/mnt\/DISK[^\n\r]*)$\vod.ini$df -h$login: $root$(x
API String ID: 0-1091269962
Opcode ID: be51cefd5dca26e5706eebbe6bf2cfd71554251ca225563f7a27194df1c9310a
Instruction ID: 572721861ddcef6a3ad54ae74bc002a4f51113179a37380348ba38c078826344
Opcode Fuzzy Hash: be51cefd5dca26e5706eebbe6bf2cfd71554251ca225563f7a27194df1c9310a
Instruction Fuzzy Hash: E91366F1F40305ABFF109B958CC2FAF7664DB18704F14903AFA49BA386F6699D108769

Function 004DAF52 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 297COMMON

Download Yara Rule

APIs

GetPropA.USER32(00000000,pUnitInfo), ref: 004DAFC4
GetPropA.USER32(00000000,dwUnitBmpID), ref: 004DB098
GetPropA.USER32(00000000,hDesignWnd), ref: 004DB0C2
GetPropA.USER32(00000000,dwWinFormID), ref: 004DB0EC
GetPropA.USER32(00000000,dwUnitID), ref: 004DB116
LocalFree.KERNEL32(00000000,00000000), ref: 004DB220

Strings

pUnitInfo, xrefs: 004DAFBC
dwUnitBmpID, xrefs: 004DB090
dwUnitID, xrefs: 004DB10E
dwWinFormID, xrefs: 004DB0E4
hDesignWnd, xrefs: 004DB0BA

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop$FreeLocal
String ID: dwUnitBmpID$dwUnitID$dwWinFormID$hDesignWnd$pUnitInfo
API String ID: 2150971535-578116674
Opcode ID: deaddfc2193b1c712799ddcb21e5d4d967f48ad77b01d4b3afd2c3d0124228f4
Instruction ID: ef237e036ee6aba5af1de4628329f8f071aab1f21b02568c4f2291880206977b
Opcode Fuzzy Hash: deaddfc2193b1c712799ddcb21e5d4d967f48ad77b01d4b3afd2c3d0124228f4
Instruction Fuzzy Hash: B3B11AB1D01208EBDF01EFE1DD56BAEBBB5EF09300F14506AF504B6251D7765A20CBAA

Function 004D82F2 Relevance: 17.4, APIs: 11, Instructions: 864windowCOMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(00000000), ref: 004D8558
CreateDIBSection.GDI32(?,00000000,00000000,-00000004), ref: 004D87C9
SelectObject.GDI32(?,?), ref: 004D88F4
GdipCreateFromHDC.GDIPLUS(?,?,?,?,00000000), ref: 004D8939
SelectObject.GDI32(00000000,00000000), ref: 004D896D
GdipCreateBitmapFromScan0.GDIPLUS(?,?,00000000,000E200B,00000000,?,-00000004), ref: 004D8A82
GdipGetImageGraphicsContext.GDIPLUS(?,?), ref: 004D8AD6
GdipDisposeImage.GDIPLUS(00000000,?,?,00000071,?,00000000,?,?,-00000004), ref: 004D8BC1
SelectObject.GDI32(00000000,00000000), ref: 004D8C3D
DeleteDC.GDI32(00000000), ref: 004D8C5F
DeleteObject.GDI32(00000000), ref: 004D8C8B

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateGdipObject$Select$DeleteFromImage$BitmapCompatibleContextDisposeGraphicsScan0Section
String ID:
API String ID: 4238895976-0
Opcode ID: e72a1bc8505e76257d3af385a35a92c0b7f2cd0d972fe5e4e149312cb69e509a
Instruction ID: 238961e650297c7efa9558b69f885a1bf3d5c952e3efeaf913fd22be6dc83650
Opcode Fuzzy Hash: e72a1bc8505e76257d3af385a35a92c0b7f2cd0d972fe5e4e149312cb69e509a
Instruction Fuzzy Hash: BC727CB4A403199BDF00CF89D8D0BA9BBB0FF1E310F14506ADA456B356C379A951CF66

Function 004E7A7C Relevance: 15.7, APIs: 7, Strings: 1, Instructions: 1695COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 004E7C9E
CreateCompatibleDC.GDI32(00000000), ref: 004E7E31
CreateDIBSection.GDI32(00000000,00000000,00000000,00000000), ref: 004E7F2A
SelectObject.GDI32(00000000,00000000), ref: 004E801B
GdipCreateFromHDC.GDIPLUS(00000000,00000000,?,?,00000000,?,?,?,?,?,-00000030), ref: 004E8044
LoadCursorA.USER32(00000000,00007F00), ref: 004E8318
LoadCursorA.USER32(00000000,00007F00), ref: 004E8364

Strings

ex_ui keye, xrefs: 004E8B8B, 004E8C89, 004E8D06

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$CursorLoad$CompatibleFromGdipObjectRectSectionSelectWindow
String ID: ex_ui keye
API String ID: 3677454660-575506270
Opcode ID: 3e538c386124ad31707f26b3d2d6b3e3fbcb333fcf53f41856f54ee74b39a8bf
Instruction ID: 7437754834c4c393e140ca46974129310aa2d089128f9898c6ca51caa2ec5286
Opcode Fuzzy Hash: 3e538c386124ad31707f26b3d2d6b3e3fbcb333fcf53f41856f54ee74b39a8bf
Instruction Fuzzy Hash: 7AD2E3B0D41248ABEB00DF95EDC1B9DBBB1FF09311F241069E509BB342D776A950CB6A

Function 004DF787 Relevance: 15.1, APIs: 9, Instructions: 1604COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb18e647e5d14a0239d670c8e56227471d2a5aa7a033b7ba9ecedb106ec9c52
Instruction ID: 5dd58d0a0e287da4e706b2153542dbc8a14a6694e785bae5ae71a11663b34471
Opcode Fuzzy Hash: 2cb18e647e5d14a0239d670c8e56227471d2a5aa7a033b7ba9ecedb106ec9c52
Instruction Fuzzy Hash: 37B249B1E01228EFEB14DF95ECC6BAEB7B5FB19300F04102AE515A7381D775A910CB66

Function 004E8F3B Relevance: 14.8, APIs: 4, Strings: 4, Instructions: 825COMMON

Download Yara Rule

APIs

Part of subcall function 004E9A79: LocalSize.KERNEL32(004E8ED3), ref: 004E9B20
Part of subcall function 004E9A79: TrackMouseEvent.USER32(004E8ED3), ref: 004E9BA2

CallWindowProcA.USER32(?,?,00000010,?,004E8ED3), ref: 004E9A52

Strings

%1, xrefs: 004E911B
ex_ui keye, xrefs: 004E93A4, 004E9479, 004E954E, 004E9831, 004E988C, 004E98E5, 004E998A, 004E9A19
32879, xrefs: 004E979F
$1, xrefs: 004E910E

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallEventLocalMouseProcSizeTrackWindow
String ID: $1$%1$32879$ex_ui keye
API String ID: 2164320629-2459192517
Opcode ID: 37fa91b1367bd58029be9a82c86733d13dcd6853f2d0ce5bbc002f6bccd48aab
Instruction ID: dd5a110419296b9793e46b6c5722615d11c9f75d595695fc5bde79680e504f52
Opcode Fuzzy Hash: 37fa91b1367bd58029be9a82c86733d13dcd6853f2d0ce5bbc002f6bccd48aab
Instruction Fuzzy Hash: DE523B70C01288FBDF11AF92EC46AAE7B31FF05312F00906AF515662A1D7798E61DF5A

Function 004EAC10 Relevance: 13.0, APIs: 6, Strings: 1, Instructions: 788COMMON

Download Yara Rule

APIs

CreateDIBSection.GDI32(00000000,00000000), ref: 004EAF71
SelectObject.GDI32(00000000,00000000), ref: 004EB08C
GdipCreateFromHDC.GDIPLUS(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004EB0B2
CallWindowProcA.USER32(?,00000000,00000005,00000001,00000000), ref: 004EB217
DeleteObject.GDI32(00000000), ref: 004EB303
CallWindowProcA.USER32(?,00000000,00000005,00000001,00000000), ref: 004EB4D5

Strings

ex_ui keye, xrefs: 004EB1DC, 004EB49A

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallCreateObjectProcWindow$DeleteFromGdipSectionSelect
String ID: ex_ui keye
API String ID: 3404240811-575506270
Opcode ID: 535fd54cea21dd7d0c9d7ff458379f6ad55489b23312fa9742b5ee30b588a182
Instruction ID: 1a6e2c58d1ec44fc88acfe740dd20f30754408c41c693a34597f863c8dde0789
Opcode Fuzzy Hash: 535fd54cea21dd7d0c9d7ff458379f6ad55489b23312fa9742b5ee30b588a182
Instruction Fuzzy Hash: 675257B0D41249DBEB00DF95EC86BAEBBB1FF1A310F141065E505BB341D376A960CB6A

Function 004D5197 Relevance: 12.9, APIs: 7, Instructions: 2362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c36a08113861d51f854311a320731633a2ec030bf6855538c75c02b02b95e4d4
Instruction ID: a44dae5986411d43b4505137966ef9f7f9d6a021e3875fad1647ba744f0af51c
Opcode Fuzzy Hash: c36a08113861d51f854311a320731633a2ec030bf6855538c75c02b02b95e4d4
Instruction Fuzzy Hash: 210304B1E00218EFDB18CF85ECD5BADB7B5FB19300F44006AE605AB356D674A961CF26

Function 0075DD6B Relevance: 12.1, APIs: 8, Instructions: 72stringfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0075DD70
GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 0075DD8E
lstrcpynA.KERNEL32(?,?,00000104), ref: 0075DD9D
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0075DDD1
CharUpperA.USER32(?), ref: 0075DDE2
FindFirstFileA.KERNEL32(?,?), ref: 0075DDF8
FindClose.KERNEL32(00000000), ref: 0075DE04
lstrcpyA.KERNEL32(?,?), ref: 0075DE14

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
String ID:
API String ID: 304730633-0
Opcode ID: a7027a1c8d28a142fcfff32db1db0ff89ae855934bc23f7f7980c54463986fd7
Instruction ID: 102face14e459616f24c1d52b5c243c76a6e93c9803617633c48c1fa3dd76499
Opcode Fuzzy Hash: a7027a1c8d28a142fcfff32db1db0ff89ae855934bc23f7f7980c54463986fd7
Instruction Fuzzy Hash: F9214A71500619ABCB219FA0DC49AEF7F7CFF15762F008115F91AE6060D7B88A49CBA0

Function 004DB4AA Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 196memoryCOMMON

Download Yara Rule

APIs

GetPropA.USER32(00000000,pUnitInfo), ref: 004DB515
GlobalAlloc.KERNEL32(?,00000000,0000AC64,?,00000000,00000000,00000000,00000000,?), ref: 004DB5EE
GlobalLock.KERNEL32(00000000), ref: 004DB613
GetPropA.USER32(00000000,0088AB1C), ref: 004DB681
GlobalUnlock.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,00000000,0000AC64,?,00000000,00000000), ref: 004DB703

Strings

pUnitInfo, xrefs: 004DB50D

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Prop$AllocLockUnlock
String ID: pUnitInfo
API String ID: 3109133926-3115533449
Opcode ID: 51eb771fff944cd06dc87f17aed52c3981686c8317cb7f7133f7f420dfbea811
Instruction ID: 9faf6bb51801dd1fd6699df9f38fbc1163824657d52f701a06cfc218dec427d4
Opcode Fuzzy Hash: 51eb771fff944cd06dc87f17aed52c3981686c8317cb7f7133f7f420dfbea811
Instruction Fuzzy Hash: 6071F5B0C0121CEBDF00AF91ED56AEEBB75FF09304F00506AF54076295DB794964CB6A

Function 0073D028 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 0073D047
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0073D07C
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0073D0DC

Strings

__GLOBAL_HEAP_SELECTED, xrefs: 0073D0B6
__MSVCRT_HEAP_SELECT, xrefs: 0073D077

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: c2120290d6d9523b6dc3caafa4f2935fa35477d82261c543822950a646473d6f
Instruction ID: 7c3603fa5ce65a3e5dc4913d8f5170e82358cfc5c6faae29c81a8b2d861e7079
Opcode Fuzzy Hash: c2120290d6d9523b6dc3caafa4f2935fa35477d82261c543822950a646473d6f
Instruction Fuzzy Hash: 123159B190524C6EFB3996707C85BDE376CAB02704F2440D5E585D6143E77D9ECACB21

Function 004D6B83 Relevance: 8.8, APIs: 5, Instructions: 1322COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(00000000), ref: 004D6EAE
SelectObject.GDI32(00000000,?), ref: 004D7621

Part of subcall function 004D9D3A: GetDC.USER32(?), ref: 004D9E64

SelectObject.GDI32(00000000,00000000), ref: 004D77FE
DeleteDC.GDI32(00000000), ref: 004D7820

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect$CompatibleCreateDelete
String ID:
API String ID: 488333989-0
Opcode ID: 1a6d5438ca837ea55b1d18f8e9af8cd12f837fc1e2a83a4e93acf4c4badac193
Instruction ID: a2db0fe5ba3eaa345b83ff5cc86d987fbcad9fa7fc7a7a2fcf752dc3830c14c2
Opcode Fuzzy Hash: 1a6d5438ca837ea55b1d18f8e9af8cd12f837fc1e2a83a4e93acf4c4badac193
Instruction Fuzzy Hash: 84A209B1A00214DFDF08CF85ECD6F6AB7B5FB19300F44006AD605AB395E275AA51CF66

Function 004D9D3A Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 004D9E64
UpdateLayeredWindow.USER32(?,00000000,00000000,?,00000064,00000000,00000000), ref: 004D9EE2
ReleaseDC.USER32(?,00000000), ref: 004D9F38

Strings

d, xrefs: 004D9DC7

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LayeredReleaseUpdateWindow
String ID: d
API String ID: 1863451713-2564639436
Opcode ID: 201dee0e45e5d2a984b26c6dba559f7b4247580dec20dfc10e8ec67a1511f57a
Instruction ID: 19006415d25e293556a379d9ecfbf6c790f98f8e4da8743d201b111e941657ac
Opcode Fuzzy Hash: 201dee0e45e5d2a984b26c6dba559f7b4247580dec20dfc10e8ec67a1511f57a
Instruction Fuzzy Hash: DF614DB4D01349EBDF01DF95DC867AEBBB1EF1A300F145066E509AB342D3759A10CBAA

Function 004D46FF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

GetPropA.USER32(0000000E,dwWinFormID), ref: 004D4736
GetPropA.USER32(0000000E,dwUnitID), ref: 004D476B

Strings

dwUnitID, xrefs: 004D4763
dwWinFormID, xrefs: 004D472E

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop
String ID: dwUnitID$dwWinFormID
API String ID: 257714900-452588718
Opcode ID: 62ea8035e18f230435c17058bac9b224a6e10137572273197c4faf582aa89422
Instruction ID: 1c3b6093ad6a2ee0e6850f76ae4daea73a686acf155401f2c4668c76fb438532
Opcode Fuzzy Hash: 62ea8035e18f230435c17058bac9b224a6e10137572273197c4faf582aa89422
Instruction Fuzzy Hash: 2241B2B4D00308EBDB00DF95E9C5A9DBBB0FF09310F5080AAE955A7342D7359A60DF66

Function 004D4876 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

GetPropA.USER32(0000000E,dwWinFormID), ref: 004D48AD
GetPropA.USER32(0000000E,dwUnitID), ref: 004D48E2

Strings

dwUnitID, xrefs: 004D48DA
dwWinFormID, xrefs: 004D48A5

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop
String ID: dwUnitID$dwWinFormID
API String ID: 257714900-452588718
Opcode ID: 1d483fe62d58f264babe311f3b305533d4fa1f1ed064f5865d9df47f3d61b8e3
Instruction ID: 1348a583c25e90bd3e8262f5bb4e57b2ce377f4584668b7b0918c8adf4540d53
Opcode Fuzzy Hash: 1d483fe62d58f264babe311f3b305533d4fa1f1ed064f5865d9df47f3d61b8e3
Instruction Fuzzy Hash: F7312AB5D0030CEBDF00EFA5D8956AEBBB0FF49311F5080A6E559A7241D7398A20CF5A

Function 004E70E8 Relevance: 5.3, APIs: 3, Instructions: 836COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 004E71FC
LoadCursorA.USER32(00000000,00007F00), ref: 004E751A
LoadCursorA.USER32(00000000,00007F00), ref: 004E75BB

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoad$Window
String ID:
API String ID: 1582687189-0
Opcode ID: c998efb91d2701023154e54d660d4134328d1efab0e12be53c8f0f11f6c3a49e
Instruction ID: 6583603454bc57ae8c98e02525a83c0d11233b3f24d5c90f47906842f7611744
Opcode Fuzzy Hash: c998efb91d2701023154e54d660d4134328d1efab0e12be53c8f0f11f6c3a49e
Instruction Fuzzy Hash: F462C4B1A003199FDB10DF99DCC1BAEBBB0FF09314F440569EA14AB346D375AA50CB66

Function 004DD7D5 Relevance: 5.1, APIs: 2, Instructions: 2111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e8a1437dfc45d8efc6c00884341d972d5de3960ab96907450c71264656a0cc
Instruction ID: 348fe57cc08884e416576df6de67c0821cdc2b098fae11b8910450bb8fe795af
Opcode Fuzzy Hash: d7e8a1437dfc45d8efc6c00884341d972d5de3960ab96907450c71264656a0cc
Instruction Fuzzy Hash: 84F258B1E00218DFEB14DF85ECD5BAEB7B5FB19300F54006AE605AB381E775AA11CB16

Function 004DF347 Relevance: 4.8, APIs: 3, Instructions: 314memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(?,00000000,0000AC64,00000000,00000000,00000000,00000000,00000000,00000002), ref: 004DF566
GlobalLock.KERNEL32(00000000), ref: 004DF58B
GlobalFree.KERNEL32(00000000), ref: 004DF669

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocFreeLock
String ID:
API String ID: 1811133220-0
Opcode ID: 35ed8ee5ef9d8beadc3f5c73c234d5e5161e1b8397e5f8044ec73584c34e39fc
Instruction ID: 55e6aacd1fe6329353d3d922a08b5f5e8343dc12270eb78db041004768068c4a
Opcode Fuzzy Hash: 35ed8ee5ef9d8beadc3f5c73c234d5e5161e1b8397e5f8044ec73584c34e39fc
Instruction Fuzzy Hash: C0B14BB1E00208EFDB14DF95EDD6BAEB7B4FF18300F14406AE101B6391E6799A15CB69

Function 004E9A79 Relevance: 3.8, APIs: 2, Instructions: 793COMMON

Download Yara Rule

APIs

LocalSize.KERNEL32(004E8ED3), ref: 004E9B20
TrackMouseEvent.USER32(004E8ED3), ref: 004E9BA2

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EventLocalMouseSizeTrack
String ID:
API String ID: 3299714640-0
Opcode ID: a750e419191d8926e72ef7b31246403a5f584a4ea2ebae8b7d17b11b742859ad
Instruction ID: 9fb81bfec5c5dd172b928f5c232caed224f7f6ca281ffa192cdf07af69aed451
Opcode Fuzzy Hash: a750e419191d8926e72ef7b31246403a5f584a4ea2ebae8b7d17b11b742859ad
Instruction Fuzzy Hash: A852E5B0E00218DFDB04DF95EDC5BAEB7B1FB19301F141069E605BB291D775AA20CB6A

Function 004DB386 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetPropA.USER32(00000000,pUnitInfo), ref: 004DB3CF

Strings

pUnitInfo, xrefs: 004DB3C7

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop
String ID: pUnitInfo
API String ID: 257714900-3115533449
Opcode ID: 142a41c214a305bba7e2daf6403464bbc886750eff57714d02bbcf1ba54743cc
Instruction ID: 81368d8eb184c1e6a5c403b156b35a4ca71082337274343943e0063057ad0c0b
Opcode Fuzzy Hash: 142a41c214a305bba7e2daf6403464bbc886750eff57714d02bbcf1ba54743cc
Instruction Fuzzy Hash: 4231FCB1C0020CEFDF01AFE1D956ADEBBB5FF08300F104456E515A6251D7759A60DB95

Function 004D407A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,00000000,000000FF), ref: 004D40D1

Strings

ENewFrame, xrefs: 004D40ED

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassName
String ID: ENewFrame
API String ID: 1191326365-866728150
Opcode ID: abf54b263c9fcb0ec0555081de4240ee86ea9a7c467bf5d6b25db148adad08a3
Instruction ID: c4e31815846eb65d1d74ed08add20991786d03e7150b26c163d1364a266f15c1
Opcode Fuzzy Hash: abf54b263c9fcb0ec0555081de4240ee86ea9a7c467bf5d6b25db148adad08a3
Instruction Fuzzy Hash: 3411C6B5E01309BBEF50DF94DC86B6E76B4EF18300F104076F908A7342D6759B50975A

Function 004E8E85 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

CallWindowProcA.USER32(?,?,00000000,?,?), ref: 004E8F14

Strings

ex_ui keye, xrefs: 004E8EDB

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallProcWindow
String ID: ex_ui keye
API String ID: 2714655100-575506270
Opcode ID: 0605b826cda97b3bc102fa6bd45455c6dbb6ea84be1d7c4b66485a20967240ef
Instruction ID: 318b07e6775f9259b8e3878f0ac0c41c2253e150b15964fecc328a59f9b7e144
Opcode Fuzzy Hash: 0605b826cda97b3bc102fa6bd45455c6dbb6ea84be1d7c4b66485a20967240ef
Instruction Fuzzy Hash: 7A112475C0524CFBCF01AF91DC029AEBB32FF05352F00906AF51966160DB768661DF5A

Function 004D4AD4 Relevance: 3.5, APIs: 2, Instructions: 546COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(00000000,?), ref: 004D4C15
GetWindowRect.USER32(00000000,?), ref: 004D4C59

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID:
API String ID: 861336768-0
Opcode ID: 18758a53babf5df615fd36ce0267e842b0c408238451a7cd89ba502e24d15155
Instruction ID: 2c798c8de5c9c63c5f57606ed7b5c88b9bbf3b00140e2eabe04e0c62a2818740
Opcode Fuzzy Hash: 18758a53babf5df615fd36ce0267e842b0c408238451a7cd89ba502e24d15155
Instruction Fuzzy Hash: 0522F0B0A00218DFDB04CF99E8D5BADBBB0FB5D310F58406AD605BB346D774AA50CB66

Function 004DC752 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetPropA.USER32(00000000,pUnitInfo), ref: 004DC79E

Strings

pUnitInfo, xrefs: 004DC796

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop
String ID: pUnitInfo
API String ID: 257714900-3115533449
Opcode ID: 75c8ebfb325499c09e98cecde2369b2234fab9e073c929c041cc886304bd9054
Instruction ID: c8a6b3d77c1d0e87630ce21043544611305159be92f8398752ff11f40478f62e
Opcode Fuzzy Hash: 75c8ebfb325499c09e98cecde2369b2234fab9e073c929c041cc886304bd9054
Instruction Fuzzy Hash: 3B01967A900208FFDF019F95D851ADDBF72FF09360F109055F9096A261D3769650EF85

Function 004D3BAA Relevance: 3.3, APIs: 2, Instructions: 286windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004D3F4F: GetAncestor.USER32(00000002,?,004D3BCC,00000000,00000000,00000000), ref: 004D3F80

EnumChildWindows.USER32(00000000,004D41BB,008C60AA), ref: 004D3BDF
SendMessageA.USER32(000000C2,00000001,00000000), ref: 004D3F1D

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AncestorChildEnumMessageSendWindows
String ID:
API String ID: 4278017813-0
Opcode ID: 3e5ad38219eba329b14a93685ddf20bee589590f413ca3d3061f990734a4a1ff
Instruction ID: a8a1094af76e3c9f9835006551208fd7fef001adcdd4d7a464f10fb2f1de0f83
Opcode Fuzzy Hash: 3e5ad38219eba329b14a93685ddf20bee589590f413ca3d3061f990734a4a1ff
Instruction Fuzzy Hash: FAB158B2E01208EFEF40DFA5C995B8EBBB5AF18301F0444AAE505A6381D3399B54CF56

Function 004DD454 Relevance: 3.2, APIs: 2, Instructions: 225windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00003124,00000000,00003125), ref: 004DD53B
DeleteObject.GDI32(00000000), ref: 004DD687

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteMessageObjectSend
String ID:
API String ID: 3187723670-0
Opcode ID: fd49beab1b244bda822abe677331ebdeed59de3e755976f57f575095fce633fa
Instruction ID: 72a964277bc1fef1ede48e1406470490bbe087c14068f4d67d8e092f78ed567c
Opcode Fuzzy Hash: fd49beab1b244bda822abe677331ebdeed59de3e755976f57f575095fce633fa
Instruction Fuzzy Hash: A67119B1E04218EFDB18CF89ECD5B6EB7B4FB19300F54406AD615A7351E2B4AA10CF66

Function 004EFD89 Relevance: 3.2, APIs: 2, Instructions: 225windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00003124,00000000,00003125), ref: 004EFE70
DeleteObject.GDI32(00000000), ref: 004EFFBC

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteMessageObjectSend
String ID:
API String ID: 3187723670-0
Opcode ID: fd49beab1b244bda822abe677331ebdeed59de3e755976f57f575095fce633fa
Instruction ID: 3e861e9954ee3c5e044ea43860f6070b32a549cc045c07a87da476a886941b56
Opcode Fuzzy Hash: fd49beab1b244bda822abe677331ebdeed59de3e755976f57f575095fce633fa
Instruction Fuzzy Hash: 2F713AB1A04214EFDB18CF89ECC5B6EB7B4FB1A300F54406AD615A7351E374AA10CF56

Function 004D49AD Relevance: 3.1, APIs: 2, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID:
API String ID: 861336768-0
Opcode ID: 6b51d35ce0537dcb6bfed9fdc13da65b10ab4efc89414b0d004c931522d36eba
Instruction ID: 91f59849a166f23bb1354580f9af3b9a9b0ae448b9e0cce23123b4af5b35d2e9
Opcode Fuzzy Hash: 6b51d35ce0537dcb6bfed9fdc13da65b10ab4efc89414b0d004c931522d36eba
Instruction Fuzzy Hash: 51213E74C41208FBDF119F91DD166AE7A35FB42311F10A027F80926361D77A8A61DB5E

Function 004D439A Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

RtlMoveMemory.KERNEL32(00000000,00000000,0000000C,000003EF,00000000), ref: 004D43CC
RtlMoveMemory.KERNEL32(00000010,0000001C,00000010), ref: 004D4405

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MemoryMove
String ID:
API String ID: 1951056069-0
Opcode ID: 01cd4925c92818919c2931892c6f93256e6a46183a66a2c7b092151dc9e44eea
Instruction ID: a51725f4d49a15a69918fe37d16a7cb181ac309fbc25cfb1d5987b77c2aa9ff2
Opcode Fuzzy Hash: 01cd4925c92818919c2931892c6f93256e6a46183a66a2c7b092151dc9e44eea
Instruction Fuzzy Hash: BC01D774D01308FBDB00DF85D881B9DBB74EF0A311F0090A9E5042B251D3769A549F5A

Function 004D3F4F Relevance: 3.0, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

GetAncestor.USER32(00000002,?,004D3BCC,00000000,00000000,00000000), ref: 004D3F80
EnumWindows.USER32(004D413A,008C60AE), ref: 004D3FB3

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AncestorEnumWindows
String ID:
API String ID: 4037963441-0
Opcode ID: 60eaf659a335210a55d9aa999675ea150054c5fbe72490308cdb706acd97ea99
Instruction ID: 9bc461986ae4b42bdf557312bf27bcda93bf7b12d20a86af1883e0fb543a5707
Opcode Fuzzy Hash: 60eaf659a335210a55d9aa999675ea150054c5fbe72490308cdb706acd97ea99
Instruction Fuzzy Hash: C6F04F70D5530CEFDB10AF90ED5BB2AB631B702756F00902BE00936391E7B99A25975F

Function 004D3A50 Relevance: 3.0, APIs: 2, Instructions: 38COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 004D3A90
CreateSolidBrush.GDI32(00ECECEC), ref: 004D3ABE

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: BrushCreateDeleteObjectSolid
String ID:
API String ID: 1396890533-0
Opcode ID: cb0d53ee48a479958c1363c43a13bd786590836b5767fca3e13b9915995e4fdf
Instruction ID: 683a29e0a6a7f016605d18a53add9e10eac2e97de5398eeb6bc7eead86be1ad3
Opcode Fuzzy Hash: cb0d53ee48a479958c1363c43a13bd786590836b5767fca3e13b9915995e4fdf
Instruction Fuzzy Hash: 0AF01970906208DFDB10EF50EA06F6ABA71F702306F00506AE009373A1E7B65A64CB9A

Function 004E2822 Relevance: 2.6, APIs: 2, Instructions: 122COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(000003A8,00000000,00000000,00000000,0088AACE,00000000), ref: 004E28AF
MultiByteToWideChar.KERNEL32(000003A8,00000000,00000000,00000000,00000000,00000000), ref: 004E2945

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: d1abd6e9b12c38a1d4620e6080fe7b618c92d52901fdcd3eed3b294730e22153
Instruction ID: 9c0165563ed1ea6a6824201f7b8f1bfe50b529b84bd9f5bd9d96ac1e81f64aac
Opcode Fuzzy Hash: d1abd6e9b12c38a1d4620e6080fe7b618c92d52901fdcd3eed3b294730e22153
Instruction Fuzzy Hash: B34153B1E00349EBEF00DF95DD427AEBBB8FF18301F145055E544BA282D7759A20CB59

Function 004AAB40 Relevance: 2.5, APIs: 1, Instructions: 1006COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be9349d237e0cc9f0f86dd6c2f235070755f1a38dd91aae0616fffe9622ec1dc
Instruction ID: 0d33a96f816d7056fa093279d91601b5b2f1a30cbf2c49f51754696ad834184d
Opcode Fuzzy Hash: be9349d237e0cc9f0f86dd6c2f235070755f1a38dd91aae0616fffe9622ec1dc
Instruction Fuzzy Hash: D3925971604B418FD329CF29C0906A7BBE2EFAA304F14892ED5DB87B62D735B845CB45

Function 0048F8A0 Relevance: 2.1, APIs: 1, Instructions: 638COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97cd9a8ba0834c1a81f2d04b8c5a536e189a579a4d93c3ca1f3734e7357097e
Instruction ID: c710fb75fb8afe2abb473c0c3318f8120fd54a39dbd35099bce589c31fb8edd8
Opcode Fuzzy Hash: f97cd9a8ba0834c1a81f2d04b8c5a536e189a579a4d93c3ca1f3734e7357097e
Instruction Fuzzy Hash: 55329271E00209DFCB14EFA8C891BAEB7B1BF48314F24457AE916A7381D738AD45CB95

Function 004EECF9 Relevance: 1.8, APIs: 1, Instructions: 324COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 004EED32

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: ec62e89fcbbbc5c7cdd1077b398d6187146404779e180b4184aacde14d621858
Instruction ID: 6374d8defd424759e313ddbddf96938e4de143a97075140060624f970bad2754
Opcode Fuzzy Hash: ec62e89fcbbbc5c7cdd1077b398d6187146404779e180b4184aacde14d621858
Instruction Fuzzy Hash: 4CB119B0E00219EFDB04DF96DCC6BAEB771FB19301F04402AE114B6291D779AA51CF9A

Function 004DA771 Relevance: 1.7, APIs: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 004DA840

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID:
API String ID: 861336768-0
Opcode ID: b254579e50a342367213e4aed73d488f09820c48d1beba3cc2433057198753ba
Instruction ID: 88cebbb9df33abfbe12b14a198ad1bf77834bfc4ee1917952204a5f0da8f849d
Opcode Fuzzy Hash: b254579e50a342367213e4aed73d488f09820c48d1beba3cc2433057198753ba
Instruction Fuzzy Hash: E291E4B0E00219DFDB04DF95E9D5BAEBBB0FB19300F54406AD605BB345D374AA20CB66

Function 004EA759 Relevance: 1.7, Strings: 1, Instructions: 458COMMON

Download Yara Rule

Strings

d, xrefs: 004EA80B

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 34aada10ac0f02d86a4ae06853054269d58034c619d4cc8a4bf256bd9fd18018
Instruction ID: f8b228362e1ffedbc7f8827909c634db8f7c1df4dae85e10bd645686db0b5e45
Opcode Fuzzy Hash: 34aada10ac0f02d86a4ae06853054269d58034c619d4cc8a4bf256bd9fd18018
Instruction Fuzzy Hash: A4F14DB1A412459BEF00CF99ECC1B59B7B5FF59324F290075E90AAB301D339B961CB62

Function 004D4487 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,00000000), ref: 004D44C6

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID:
API String ID: 861336768-0
Opcode ID: 1f2a76219812a926109fbc00b76e3cb5d44701f88d09d0c99b2536800df5f0bf
Instruction ID: 88fba4f717658a7ed5c6b6172e42a6cb9b22052046fee4b5465513c930d27a76
Opcode Fuzzy Hash: 1f2a76219812a926109fbc00b76e3cb5d44701f88d09d0c99b2536800df5f0bf
Instruction Fuzzy Hash: C051BEB0D40318EBDF00DF85E8C6BAEBB70FF0A301F5450A5E6457A286C7755A60CB6A

Function 004D7EA4 Relevance: 1.6, Strings: 1, Instructions: 395COMMON

Download Yara Rule

Strings

I|M, xrefs: 004D7F25, 004D8050, 004D811B, 004D8205

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: I|M
API String ID: 0-200107146
Opcode ID: 9feba86d3062cdc6d676b950f4148449fa792327acd01d450d4e2afb781c3a3e
Instruction ID: 5b4eab6fbdb9cc58e1d2d6c6779f414878b2cc6e44efb75b444ba3666056d400
Opcode Fuzzy Hash: 9feba86d3062cdc6d676b950f4148449fa792327acd01d450d4e2afb781c3a3e
Instruction Fuzzy Hash: 89D12CB1E40218EFDB08DF85ECD6F69B775FB29300F54406AE605AB381E674AA10CF56

Function 004EEBDA Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 004EEBF7

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 47da7d5816581d8d1a9034166ae24c9be4ca2b4500e15689af35da4d6c263362
Instruction ID: 662fef1d75bf4ec13c4b4f868af373f9e731ba751905687a22f21f31204e415c
Opcode Fuzzy Hash: 47da7d5816581d8d1a9034166ae24c9be4ca2b4500e15689af35da4d6c263362
Instruction Fuzzy Hash: CC2162B0D04248EFDB00DF96D886BAEBB70FF05301F14906AE51567390D7799A50CF9A

Function 004D4159 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,FFFFFFF4), ref: 004D416D

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 2b6274341977dd72204eeb3b611fa69ed846affcfc93bf039a3d0c8eef23788e
Instruction ID: 38ca0e08de4dcde3351b1bea5ab9f876a67f50ca75dce7cbf35ab2a8b765167a
Opcode Fuzzy Hash: 2b6274341977dd72204eeb3b611fa69ed846affcfc93bf039a3d0c8eef23788e
Instruction Fuzzy Hash: ADF0A034C04208EBDB009F54D85576DBB74EB26320F008163E8155B380D6398A919F9B

Function 004ECF8E Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

32879, xrefs: 004ECFB2

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 32879
API String ID: 0-2684066165
Opcode ID: 6d60e04ef04fd6d773dd786dff798b759c3c7231dc6cc4a212c045ddd3e097af
Instruction ID: 35875fd3ce2bdabfecc13ed6fcc85ff2e07b2c425b1b6c22e7b73e16926a2a25
Opcode Fuzzy Hash: 6d60e04ef04fd6d773dd786dff798b759c3c7231dc6cc4a212c045ddd3e097af
Instruction Fuzzy Hash: 719148B0D00208EBDB14DF92ECC6BAEBB31FF0A301F04506AE61476291D7759A20CF5A

Function 004F0015 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b01ba0d396f6eeca2f789de4c06d549079628d046a78ebea61551007d530cd
Instruction ID: 891b879f1942f3d983860a6027f7beb6e0e2c051dbc528080572f92feade753c
Opcode Fuzzy Hash: 73b01ba0d396f6eeca2f789de4c06d549079628d046a78ebea61551007d530cd
Instruction Fuzzy Hash: 68320AB1E00229DFDB08DF85ECC5A6EB7B5FB69300F440169D619A7381E774AA10CF66

Function 004EB531 Relevance: .6, Instructions: 638COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c02f84e99b439a6ef546c1e97286fc6d162eb9dcdc202576968ba2a7951584da
Instruction ID: 38a1e59c080e0bfad28ab5e4b592d04c5d863beb32b932778f550728dbdea287
Opcode Fuzzy Hash: c02f84e99b439a6ef546c1e97286fc6d162eb9dcdc202576968ba2a7951584da
Instruction Fuzzy Hash: EA22F4B1A00218DFDB08DF85ECC5AAEB7B5FB1D300F54106AE215B7391E775AA10CB66

Function 007463B2 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b561fe04f6dd15fbc3e6ad8443ad130deeecda28715ba9399c0051ce477b9c5
Instruction ID: b1a23d2e2b1b2bc90a9e3806d8a663f915e21d02467bbe2b0e9a628887c29afb
Opcode Fuzzy Hash: 1b561fe04f6dd15fbc3e6ad8443ad130deeecda28715ba9399c0051ce477b9c5
Instruction Fuzzy Hash: B2E10171E55259CEEF25CFA8C8157FDBBB1EB06348F68401AD401A6282E77C8E81CB13

Function 0048DA40 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660b5ddc5de78a938e8f6e1731cbea1ab76e0b9a949d8cc4976239bc135134be
Instruction ID: 68078de8bda9a01891ef8cd1ea2c3e0f39c32f776fcf1fa6f1d08d706278121a
Opcode Fuzzy Hash: 660b5ddc5de78a938e8f6e1731cbea1ab76e0b9a949d8cc4976239bc135134be
Instruction Fuzzy Hash: 12C1CB71D0A6804FD725EE08C4617AFBBE2AF81744F998C1FE48147392D738A845CB4A

Function 004EBC0E Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdfefa38843ac6f093f46e1a8b1a802b6bb52b5bb34063423ab63903fa139377
Instruction ID: dd5e2206655d3dd76e65b6429d83c6f66b68dd547f506f2f8b52fbcce42acc68
Opcode Fuzzy Hash: bdfefa38843ac6f093f46e1a8b1a802b6bb52b5bb34063423ab63903fa139377
Instruction Fuzzy Hash: 4EB138B0A00319EFDF11DF45E9C5BAA77B1FF19300F5440A5EA106B386D775AA20CB66

Function 004EA3AA Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93f0c960390dd5fb1b5ef86fb930a9956cc31fc5bcd836722f46a3666b48267b
Instruction ID: 446ace8276e8f920aad8bd754be1af5eda6f5f9d8614b94e53b86d3d4893025b
Opcode Fuzzy Hash: 93f0c960390dd5fb1b5ef86fb930a9956cc31fc5bcd836722f46a3666b48267b
Instruction Fuzzy Hash: 22914CB1A00218DFDB08CF85E8C9B6EB7B4FB59300F540069D615A7345E674BE61CB62

Function 00741332 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: d8bb71884b7147b37f564bc285d5f71457b32737b607353ea3efc86e7e96624f
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: 80B18B35A0024ADFDB15DF08C5D0AA8FBA1FB58318F64C1ADD81A4B342D735EE82CB90

Function 004EBF8E Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 039ca43acfdd55b6d2d1689ced5970de84bb7d7d42dbc0c38c266d1da2b62789
Instruction ID: e5b951eb6e72ed5bb1a0a65eddaf3bc960b6dc8867b5c3a72796d6dcfebed096
Opcode Fuzzy Hash: 039ca43acfdd55b6d2d1689ced5970de84bb7d7d42dbc0c38c266d1da2b62789
Instruction Fuzzy Hash: DA8105B1E00219DFDB14DF85ECC6AAEB775FB19300F04112AE214B7291E775AA10CBA6

Function 004ECBF8 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e62023fb90b7a4daaf0dae4b3757475bafd66cf477a34be47799ecb7d29b81
Instruction ID: 9130d1b92b241d261d42eb7fa70e2c17c85846ffa3b6def223c32f24add5854f
Opcode Fuzzy Hash: 41e62023fb90b7a4daaf0dae4b3757475bafd66cf477a34be47799ecb7d29b81
Instruction Fuzzy Hash: 847118B0D00219EFDB04DF95DCC6BAEBB71FB19301F14406AE204A7291D775AA51CB9A

Function 004EC8B3 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db907fd812e4bb173d19d9afb2e2bfb71086c4a43063a01bd7a7809ef8011ad
Instruction ID: c994595b138a004058b9bd2f8af3e2869db53afd3fb2694c33985908127395b0
Opcode Fuzzy Hash: 2db907fd812e4bb173d19d9afb2e2bfb71086c4a43063a01bd7a7809ef8011ad
Instruction Fuzzy Hash: DE51F7B1A00218EFDF18CF95ECC5F6A77B1FB19300F44416AE611A7391D675AA21CF52

Function 004EC623 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b53f1165979a194ae3640238757c9d1fe55c57b7770791f2f1e5e64cb77a56b
Instruction ID: 38ea2df936b69cc2ea7dfb320af99fbff946fcceb53e6dc25fb4041f515c1ddb
Opcode Fuzzy Hash: 9b53f1165979a194ae3640238757c9d1fe55c57b7770791f2f1e5e64cb77a56b
Instruction Fuzzy Hash: 98411BB0D40308EBDB14EF92ECC6B6EBB71FB1A701F049069E1147A291D7799A50CF5A

Function 004D41DA Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7154bdc57cc41833fb283411e9cc62a64f5fe336bbaac5ce159c143318622831
Instruction ID: 517400f13cb4c0a8ff9476cb6340a48de137390606ec28ca0d6884eaf083c5aa
Opcode Fuzzy Hash: 7154bdc57cc41833fb283411e9cc62a64f5fe336bbaac5ce159c143318622831
Instruction Fuzzy Hash: FE411DB4E41308ABEF51DF95DCC1B9DBBB5EF09310F1400A9EA04AB342D6755A50CB65

Function 004ECA8F Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46112c79a1c4469b1f97261bc0f192dc6b8c20a4cd20119b56ee93ff9722db12
Instruction ID: 40b912e75a291ff13f5b42f53a371834cea9a7211b68460a1c24dab29e5caf12
Opcode Fuzzy Hash: 46112c79a1c4469b1f97261bc0f192dc6b8c20a4cd20119b56ee93ff9722db12
Instruction Fuzzy Hash: DC4107B1A00218EFDF04CF85ECC5F6977B1FB19300F4441A9E611AB391D675AA60CF52

Function 004EEA78 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc327b305442cfae69e4e8f31011e8878c4f661bbc290050ea5516b52b9fd864
Instruction ID: e0745a4ca3fa5fc04f1c46ab47c72ddeee5c6c6bbb47bb47a606fa8c4f32b755
Opcode Fuzzy Hash: fc327b305442cfae69e4e8f31011e8878c4f661bbc290050ea5516b52b9fd864
Instruction Fuzzy Hash: 23315EB0D01248EFDB00EF92ECC6B6EBB31FB16301F1050AAE50567391E775AA50DB5A

Function 00452A5B Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e5094aeb01775cd81f3b7ac8fccbb023e81b477e27a1830b161a328156ed31
Instruction ID: 1dcdbe2dd482372c6ac3a0cc89c77f48687a694dbc7fe067f068fe554b175dc5
Opcode Fuzzy Hash: d4e5094aeb01775cd81f3b7ac8fccbb023e81b477e27a1830b161a328156ed31
Instruction Fuzzy Hash: 84319C7090568AEEDB01CFD898453AEFF70BF25300F14C19ED09867342D779AA24CBA6

Function 004ECE72 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef8409ba1df190f860c55083e5057dd3d65018f27170f6b8c6877131689232a
Instruction ID: c2c6fdea48b677310f5a7066ad668d0f85ba571706c50ca02f5a53b1d393b8c2
Opcode Fuzzy Hash: 7ef8409ba1df190f860c55083e5057dd3d65018f27170f6b8c6877131689232a
Instruction Fuzzy Hash: BE314BB0D40208EFDB04EF95DCD6B6EBB71FB15301F04806AE21467291D7796A50DF9A

Function 004EC7CE Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197535cd4478fa95d2cc2d11b9331e6dea6328a5349ded5d5c5b1fa1a33a143f
Instruction ID: d0e9f948d5dd2fe596ed2ab26b2566d08c7af1375b45cb832ab9827a8aed6bd0
Opcode Fuzzy Hash: 197535cd4478fa95d2cc2d11b9331e6dea6328a5349ded5d5c5b1fa1a33a143f
Instruction Fuzzy Hash: 2821F5B1E00218EFDB04DF85ECD5B6DBBB1FB19301F4480AAE614A7391D675AA20DF52

Function 00498AA0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 8d9babd9a2911a2c69a1bf21757ca84e69fd32c22ba3ed1fec73a0847615e2b4
Instruction ID: ffc53bc0d4d0d29491ee24db9658e2e14254d522dbd07d77a53fc4ec6a9b82a6
Opcode Fuzzy Hash: 8d9babd9a2911a2c69a1bf21757ca84e69fd32c22ba3ed1fec73a0847615e2b4
Instruction Fuzzy Hash: E811E32492420482DF10EB6CD4001DBBBF8EF46314F40887FD899D7361EAB48946C39E

Function 00454ED3 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 636f311a4b50d9411882654b697dc7159330f5e4c35e5a2960643c4933482fb7
Instruction ID: 0f02d7793ce586696836d0a9787ccd918a5f93c485f98fe7bb19481da71a4a4c
Opcode Fuzzy Hash: 636f311a4b50d9411882654b697dc7159330f5e4c35e5a2960643c4933482fb7
Instruction Fuzzy Hash: 4D01A9365042408ADF788908A5D06FA736597D631FE20306BDD3B4E70BD51E58CEAA6F

Function 004EE9F1 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43882f1ed190f50feccb062b320154e249bc63f9943d72099d0048d0b6e3ee9
Instruction ID: b617161feda28166e2b0f183af1a128225b29d970bb5c7f948bbb0ff4721088f
Opcode Fuzzy Hash: b43882f1ed190f50feccb062b320154e249bc63f9943d72099d0048d0b6e3ee9
Instruction Fuzzy Hash: 14F03070D06248EBEB00AF92994676DBA34FB07702F1060BEA40936291E73A4A54D78F

Function 004E09A6 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c4f4a7c01098d12fd2c2092bb640775f2802e20fec3a17d7305e8c47fa8833
Instruction ID: dcc762da202f43e78a351952d97c4bf33c9d53574140e83685b3329694d0939d
Opcode Fuzzy Hash: 38c4f4a7c01098d12fd2c2092bb640775f2802e20fec3a17d7305e8c47fa8833
Instruction Fuzzy Hash: 3CF05EB1C0634CEBD750EF51AD02B7ABA31FB12302F006136A44837251E6758A64D79F

Function 004DAEA2 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d705a2c2507cd7cb2ce6b110774ffd21d4cbbcf7b7bbded0dd56b6a8f7d513b0
Instruction ID: 83c3a6363a4e44b964077735b305b1aeb4964ef9fa0d77068b7912227f3c0e9d
Opcode Fuzzy Hash: d705a2c2507cd7cb2ce6b110774ffd21d4cbbcf7b7bbded0dd56b6a8f7d513b0
Instruction Fuzzy Hash: 77F03AB4D46208EBDB10AF50EC06B6ABA70BB06345F00606AE50937251E6358A34EB9F

Function 004E0939 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f0cbb97a723157e0b1f0f4e9a92d9f4decec48cc1d5464689f96ef359f62a28
Instruction ID: 71d60e488a930f6ad344a8e567da415fa469939bc6e8a4b339f2f9a3c3a6a309
Opcode Fuzzy Hash: 2f0cbb97a723157e0b1f0f4e9a92d9f4decec48cc1d5464689f96ef359f62a28
Instruction Fuzzy Hash: 84F082B1C06348EBDB10AF51EC03B7EBA31BB02302F006136E50837262E6714674D78E

Function 004DAE35 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8911c61885ca2717a211ef91a564ae217bf6832c4c985685bf4bf936965e8064
Instruction ID: 8e0f9ce68296b973b64557c13d207145dc02b960bf5cde7b1a1992a7c035e258
Opcode Fuzzy Hash: 8911c61885ca2717a211ef91a564ae217bf6832c4c985685bf4bf936965e8064
Instruction Fuzzy Hash: 66F0DA74C46348EBDB10EF50AD06B6ABB35FB16301F046066E50937251E6355634DA9B

Function 004EC5E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21033a3bd462fd7f3d63ff9bd683f39d1db3bfe1c5de2b1bf0ee36cdf3fe405d
Instruction ID: 17c774c92905046e4e937b6bfc55a646d893fd092dbab77bb9595b7eb95ec4fa
Opcode Fuzzy Hash: 21033a3bd462fd7f3d63ff9bd683f39d1db3bfe1c5de2b1bf0ee36cdf3fe405d
Instruction Fuzzy Hash: FDD05BB0D4534CF7DB10BE51AC43B6FB635D712701F005165F90426291D6764560D6DF

Function 004F0A8C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c11dddf9d5bd842034413e3d52e85f43a6e43c70601f9be541f3362324684f4
Instruction ID: 4be49a583488b1ff3fa95ad2b9e09eea164051996c134f0f5cdee43211469e2e
Opcode Fuzzy Hash: 9c11dddf9d5bd842034413e3d52e85f43a6e43c70601f9be541f3362324684f4
Instruction Fuzzy Hash: C7D01270D4630CA7D600AE50A90293ABA34AB53301F00916AAA0826151E6768E25969F

Function 00471A60 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 324COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00471A8B
VariantInit.OLEAUT32(00000000), ref: 00471ABA
VariantCopyInd.OLEAUT32(00000000), ref: 00471AC2
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 00471B65

Part of subcall function 0048D080: HeapAlloc.KERNEL32(00CB0000,00000000,00000008,?,?,00471A21,00000008,?), ref: 0048D091

VariantCopyInd.OLEAUT32(?), ref: 00471D45
VariantChangeType.OLEAUT32(00000000,?,00000000,?), ref: 00471D60

Strings

hZy, xrefs: 00471CE9
hZy, xrefs: 00471E2B

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$CopyInit$AllocArrayChangeElementHeapSafeType
String ID: hZy$hZy
API String ID: 3823512745-2096867940
Opcode ID: 6d22b00dba22d5dd974ab25c4479196fea67472321978ee725e5137dbae9881c
Instruction ID: ced8e835ba1a057d581bb2dea14f542bb58c617049705059fab916156bf4107d
Opcode Fuzzy Hash: 6d22b00dba22d5dd974ab25c4479196fea67472321978ee725e5137dbae9881c
Instruction Fuzzy Hash: 3BD15C755083419FC714DF19C880AAABBE5FF88314F14C92EF89A97360D738E946CB96

Function 00484F50 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 310libraryregistryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00484B7C,007695E8,00484B7C,?,?,?,?,?,?,00000000,00998E60,00000000), ref: 00485034
LoadLibraryA.KERNEL32(?,00484B7C,00000000,00484B7C,?,?,00880E94,?,?,?,?,?,?,00000000,00998E60,00000000), ref: 00485071
GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 004850A7
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,00998E60,00000000), ref: 004850B2
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,00998E60,00000000), ref: 004850C0
LoadTypeLib.OLEAUT32(00000000,00000000), ref: 004851CD
RegisterTypeLib.OLEAUT32(00000000,00000000), ref: 00485202
CLSIDFromString.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00998E60,00000000), ref: 004852C7
UnRegisterTypeLib.OLEAUT32(?,00000000,00000000,00000000,00000001), ref: 004852E3

Strings

DllUnregisterServer, xrefs: 004850A0, 004850A5
DllRegisterServer, xrefs: 00485099

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$LoadType$FreeRegister$AddressFromProcString
String ID: DllRegisterServer$DllUnregisterServer
API String ID: 2476498075-2931954178
Opcode ID: 58ab1739ffd4e4f64314c85b08331e9e0a658ff8886095337d7b54c45c52ade8
Instruction ID: 6fb9e3bb671ce71e19a69c3120bb83c4239f6d5aae2549115ca4b69cd9e02fe7
Opcode Fuzzy Hash: 58ab1739ffd4e4f64314c85b08331e9e0a658ff8886095337d7b54c45c52ade8
Instruction Fuzzy Hash: 99B1B471900209EBDB24EFA4C845FEE7778EF44314F148959F815AB281DB78AE09CBA5

Function 00745F20 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 221COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(00000000,00000000,0086ECFC,00000001,0086ECFC,00000001,00000000,028011BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00736360), ref: 00745F5E
CompareStringA.KERNEL32(00000000,00000000,0086ECF8,00000001,0086ECF8,00000001), ref: 00745F7B
CompareStringA.KERNEL32(004C5B76,00000000,00000000,00000000,00736360,00000000,00000000,028011BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00736360), ref: 00745FD9
GetCPInfo.KERNEL32(00000000,00000000,00000000,028011BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00736360,00000000), ref: 0074602A
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 007460A9
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 0074610A
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 0074611D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00746169
CompareStringW.KERNEL32(004C5B76,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00746181

Strings

v[L, xrefs: 00745F20

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID: v[L
API String ID: 1651298574-2300069076
Opcode ID: 71a0e7c5a29ec6a78d84fc793af1ab67c109c1fcfa8d705110f770438312e911
Instruction ID: 92fef989e61db754cd8c80ea742c52a67a5368f4d0c9d0d6ad72b454d1b4be7e
Opcode Fuzzy Hash: 71a0e7c5a29ec6a78d84fc793af1ab67c109c1fcfa8d705110f770438312e911
Instruction Fuzzy Hash: D371C072900249EFCF219F95DC85DEE7FBAEB06700F14412AF911A7261D33A8C54DBA2

Function 0073CC3F Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00735AE4), ref: 0073CC5A
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00735AE4), ref: 0073CC6E
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00735AE4), ref: 0073CC9A
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00735AE4), ref: 0073CCD2
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00735AE4), ref: 0073CCF4
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00735AE4), ref: 0073CD0D
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00735AE4), ref: 0073CD20
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0073CD5E

Strings

Zs, xrefs: 0073CD08, 0073CCFA

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID: Zs
API String ID: 1823725401-1835598276
Opcode ID: ed747a1b207d969eddb0f3ff5d1748b00e81f152637e1baaa2317b762ac72b48
Instruction ID: 2042d82cb5fedc734ea321a63941d851ed5dfb9e0ce0a4cacdb8dfbea480381b
Opcode Fuzzy Hash: ed747a1b207d969eddb0f3ff5d1748b00e81f152637e1baaa2317b762ac72b48
Instruction Fuzzy Hash: 9531E3B26182656FF7323B785C8883B7BACEA45754F150939F546E3103E6698C40C771

Function 006F837F Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,006F2C53,?,Microsoft Visual C++ Runtime Library,00012010,?,0079C990,?,0079C9E0,?,?,?,Runtime Error!Program: ), ref: 006F8391
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 006F83A9
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 006F83BA
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 006F83C7

Strings

MessageBoxA, xrefs: 006F83A3
GetLastActivePopup, xrefs: 006F83BC
user32.dll, xrefs: 006F838C
GetActiveWindow, xrefs: 006F83B4

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 87eab306663df25f3640b358f0c0c9de520827dbbeac14cc1e696fdb51ee0895
Instruction ID: be85db262fa4cab505bc7c01d5fc612974e5f94b32f36f520789740f6a92d40e
Opcode Fuzzy Hash: 87eab306663df25f3640b358f0c0c9de520827dbbeac14cc1e696fdb51ee0895
Instruction Fuzzy Hash: 08018F7230170AAF8F11DFF9AC849AB3FE9BA59B54704042AF205E3221EA748C15CB31

Function 007456E3 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0073D32A,?,Microsoft Visual C++ Runtime Library,00012010,?,0086EA6C,?,0086EABC,?,?,?,Runtime Error!Program: ), ref: 007456F5
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0074570D
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0074571E
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0074572B

Strings

user32.dll, xrefs: 007456F0
MessageBoxA, xrefs: 00745707
GetLastActivePopup, xrefs: 00745720
GetActiveWindow, xrefs: 00745718

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 6f54b658c6b6b1dad53a9ffc519bd868ef3158bd66a3082d5ccd76734677339a
Instruction ID: 284c8c667a8d0d796f968b44b49ba5f4738b9767db49b844fbd21f1acc88d854
Opcode Fuzzy Hash: 6f54b658c6b6b1dad53a9ffc519bd868ef3158bd66a3082d5ccd76734677339a
Instruction Fuzzy Hash: 57017131A44742EF87119FB5ECC892A7AE9FB5C7A23054439E605D7123DB68CD00A760

Function 00740892 Relevance: 13.7, APIs: 9, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,0086ECFC,00000001,00000000,00000000,74DEE860,009E3A34,?,?,?,00737BBD,?,?,?,00000000), ref: 007408D4
LCMapStringA.KERNEL32(00000000,00000100,0086ECF8,00000001,00000000,00000000,?,?,00737BBD,?,?,?,00000000,00000001), ref: 007408F0
LCMapStringA.KERNEL32(?,?,?,00737BBD,?,?,74DEE860,009E3A34,?,?,?,00737BBD,?,?,?,00000000), ref: 00740939
MultiByteToWideChar.KERNEL32(?,009E3A35,?,00737BBD,00000000,00000000,74DEE860,009E3A34,?,?,?,00737BBD,?,?,?,00000000), ref: 00740971
MultiByteToWideChar.KERNEL32(00000000,00000001,?,00737BBD,?,00000000,?,?,00737BBD,?), ref: 007409C9
LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00737BBD,?), ref: 007409DF
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00737BBD,?), ref: 00740A12
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00737BBD,?), ref: 00740A7A

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: f32c012dea6c1af99c94354b94870a0b88b757c13dc30bd363dac6479860c869
Instruction ID: 92e8181c33a7c826f65b327ed57968a20d27c0f5f37fbbdfad71fb2cc3b3067f
Opcode Fuzzy Hash: f32c012dea6c1af99c94354b94870a0b88b757c13dc30bd363dac6479860c869
Instruction Fuzzy Hash: B1516C71A10249EBDF218FA5CC45EEE7FB9FB48750F108119FA15A2261D3399D60EBA0

Function 00491700 Relevance: 12.4, APIs: 8, Instructions: 368windowCOMMON

Download Yara Rule

APIs

CreatePopupMenu.USER32 ref: 0049187E
AppendMenuA.USER32(?,?,00000000,?), ref: 004919E1
AppendMenuA.USER32(?,00000000,00000000,?), ref: 00491A19
ModifyMenuA.USER32(?,00000000,00000000,00000000,00000000), ref: 00491A37
AppendMenuA.USER32(?,?,00000000,?), ref: 00491A95
ModifyMenuA.USER32(?,?,?,?,?), ref: 00491ABA
AppendMenuA.USER32(?,?,?,?), ref: 00491B02
ModifyMenuA.USER32(?,?,?,?,?), ref: 00491B27

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Append$Modify$CreatePopup
String ID:
API String ID: 3846898120-0
Opcode ID: 57175a08627f85981864da04445b6de949f1b054f33721fabe141f7174a0b00a
Instruction ID: a5e5d19ba3dd1ea391ded46974d1ad62f942af9f3e508ec3df1efc2c314285b5
Opcode Fuzzy Hash: 57175a08627f85981864da04445b6de949f1b054f33721fabe141f7174a0b00a
Instruction Fuzzy Hash: 38D1AEB16043128BCB24DF59C884A6BBBE8FF89714F04452DF98993361E778EC05CB96

Function 0073D206 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 0073D273
GetStdHandle.KERNEL32(000000F4,0086EA6C,00000000,00000000,00000000,?), ref: 0073D349
WriteFile.KERNEL32(00000000), ref: 0073D350

Strings

Microsoft Visual C++ Runtime Library, xrefs: 0073D31F
<program name unknown>, xrefs: 0073D283
..., xrefs: 0073D2C5
Runtime Error!Program: , xrefs: 0073D2D9

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: 14b72bc72e0eddd9ad2e26abebf2d8b19fee6c7b83a45369101e026f59adf5ac
Instruction ID: 0fbd95b1096b87d67990753f42d934d7efaec106a830c69f8d3b879243d30d9a
Opcode Fuzzy Hash: 14b72bc72e0eddd9ad2e26abebf2d8b19fee6c7b83a45369101e026f59adf5ac
Instruction Fuzzy Hash: F331A572A40218EEFF30EA60DC4AF9A77ADFB41300F540466F555D6152E778DD448B62

Function 006F2B2F Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000010), ref: 006F2B9C
GetStdHandle.KERNEL32(000000F4,0079C990,00000000,0088AACE,00000000,00000010), ref: 006F2C72
WriteFile.KERNEL32(00000000), ref: 006F2C79

Strings

Microsoft Visual C++ Runtime Library, xrefs: 006F2C48
..., xrefs: 006F2BEE
Runtime Error!Program: , xrefs: 006F2C02
<program name unknown>, xrefs: 006F2BAC

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: 4a75455a6eb7ac0e0289b98f562e543c383f1ca0c19130cf6f1b794baa9568fc
Instruction ID: 70d6916e60bc67fced3b88806de911d6e250ecb5380fece3f98b52459d322ccc
Opcode Fuzzy Hash: 4a75455a6eb7ac0e0289b98f562e543c383f1ca0c19130cf6f1b794baa9568fc
Instruction Fuzzy Hash: 3B31E372A0021D6FDF20DBA0CC4AFF9377EEF41740F5004AAF645D6040E670E9858E55

Function 004B5110 Relevance: 12.2, APIs: 8, Instructions: 162COMMON

Download Yara Rule

APIs

GetDeviceCaps.GDI32(?,00000058), ref: 004B5128
GetDeviceCaps.GDI32(?,0000005A), ref: 004B5131
GetDeviceCaps.GDI32(?,0000006E), ref: 004B5142
GetDeviceCaps.GDI32(?,0000006F), ref: 004B515F
GetDeviceCaps.GDI32(?,00000070), ref: 004B5174
GetDeviceCaps.GDI32(?,00000071), ref: 004B5189
GetDeviceCaps.GDI32(?,00000008), ref: 004B519E
GetDeviceCaps.GDI32(?,0000000A), ref: 004B51B3

Part of subcall function 004B4EF0: __ftol.LIBCMT ref: 004B4EF5

Part of subcall function 004B4F20: __ftol.LIBCMT ref: 004B4F25

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CapsDevice$__ftol
String ID:
API String ID: 1555043975-0
Opcode ID: 648cddd3992e7f8daea5d6e43c83c1a129973b18fb0438fe24c5e1a07eb4fb2e
Instruction ID: 356c2168fdad17083ff3ee32486f7afb7acff4efa8ff27ca8855be4755c92dfb
Opcode Fuzzy Hash: 648cddd3992e7f8daea5d6e43c83c1a129973b18fb0438fe24c5e1a07eb4fb2e
Instruction Fuzzy Hash: F0516570508700AFD300EF2AD885A6FBBE4FFC9304F01495DFA9497291DA71D9248BA6

Function 0046EFC0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 250COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 0046F0BA

Strings

VUUU, xrefs: 0046F259
VUUU, xrefs: 0046F23C

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID: VUUU$VUUU
API String ID: 495808979-3149182767
Opcode ID: b144218625de9fcc208e1f4ed95dab7c1f13a86738858838095590f20b42a44f
Instruction ID: 68c636e096dcdab8c259fe8e1b7fd7cd2921015b8c5940ed1f4390b25612d5d4
Opcode Fuzzy Hash: b144218625de9fcc208e1f4ed95dab7c1f13a86738858838095590f20b42a44f
Instruction Fuzzy Hash: 7791E471508705DBC708DF28E4955AEBBE0FFC4354F048AAEF88987261EB35D949CB86

Function 006F8408 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0079CCE4,00000001,-00000030,000009DF,00000000,-00000030,?,000009DC,006F0E3D,00000000,006ED1F3,00000000), ref: 006F8447
GetStringTypeA.KERNEL32(00000000,00000001,0079CCE0,00000001,?,?,000009DC,006F0E3D,00000000,006ED1F3,00000000), ref: 006F8461
GetStringTypeA.KERNEL32(-00000030,006ED1F3,00000000,006F0E3D,000009DC,000009DF,00000000,-00000030,?,000009DC,006F0E3D,00000000,006ED1F3,00000000), ref: 006F8495
MultiByteToWideChar.KERNEL32(?,00000001,00000000,006F0E3D,00000000,00000000,000009DF,00000000,-00000030,?,000009DC,006F0E3D,00000000,006ED1F3,00000000), ref: 006F84CD
MultiByteToWideChar.KERNEL32(?,00000001,00000000,006F0E3D,?,?,?,?,?,?,000009DC,006F0E3D,00000000,006ED1F3), ref: 006F8523
GetStringTypeW.KERNEL32(006ED1F3,?,00000000,000009DC,?,?,?,?,?,?,000009DC,006F0E3D,00000000,006ED1F3), ref: 006F8535

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 4ee738764cd067b9c3f32b6d65ce3f2fe561b1c1f42e5f251252364742d82e83
Instruction ID: 024ed90012dba34c2ae2975c245582611e08a09e9a838772fb19a17b22aef7f5
Opcode Fuzzy Hash: 4ee738764cd067b9c3f32b6d65ce3f2fe561b1c1f42e5f251252364742d82e83
Instruction Fuzzy Hash: 0241797260121AAFCF218F94DC869EE3FBAFB09750F104565FA12E7250DB349D518BA0

Function 00743EC1 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0086ECFC,00000001,?,74DEE860,009E3A34,?,?,00737BBD,?,?,?,00000000,00000001), ref: 00743F00
GetStringTypeA.KERNEL32(00000000,00000001,0086ECF8,00000001,?,?,00737BBD,?,?,?,00000000,00000001), ref: 00743F1A
GetStringTypeA.KERNEL32(?,?,?,?,00737BBD,74DEE860,009E3A34,?,?,00737BBD,?,?,?,00000000,00000001), ref: 00743F4E
MultiByteToWideChar.KERNEL32(?,009E3A35,?,?,00000000,00000000,74DEE860,009E3A34,?,?,00737BBD,?,?,?,00000000,00000001), ref: 00743F86
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00737BBD,?), ref: 00743FDC
GetStringTypeW.KERNEL32(?,?,00000000,00737BBD,?,?,?,?,?,?,00737BBD,?), ref: 00743FEE

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 37c67122f0725f2a5fb0bfcf1ef6f87745f6c4a3522a396698327df32f759399
Instruction ID: df1a1cfd00a292ed1738b2c163654d87961b8613e7bd51df446c08dd1ff1bc3e
Opcode Fuzzy Hash: 37c67122f0725f2a5fb0bfcf1ef6f87745f6c4a3522a396698327df32f759399
Instruction Fuzzy Hash: D041AE72A0421AAFDF209F95CC86EEF7F78FB08750F104426F919D6290C7788A54DBA0

Function 0048F740 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0048F7CD
wsprintfA.USER32 ref: 0048F7E9

Strings

?? / %d], xrefs: 0048F7E3
- , xrefs: 0048F814
%d / %d], xrefs: 0048F7C7
- [, xrefs: 0048F768

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: - $ - [$%d / %d]$?? / %d]
API String ID: 2111968516-3107364983
Opcode ID: cf04dabf8675b5db3344851150b6401b32f4957dcf3135219d481fe87e2d1035
Instruction ID: b5942bb3bb94efa9d6a17e06766c889e30c04495897d6daa2490f3ff21e998bb
Opcode Fuzzy Hash: cf04dabf8675b5db3344851150b6401b32f4957dcf3135219d481fe87e2d1035
Instruction Fuzzy Hash: 7A313075204701EFD324EB24C945AABB7E4EF84710F108D2DF89A87391DB79A809CB52

Function 00766EDE Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(009E28C4,009E28B4,00000000,?,009E28C4,?,00767146,009E28B4,00000000,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A), ref: 00766EE9
EnterCriticalSection.KERNEL32(009E28E0,00000010,?,009E28C4,?,00767146,009E28B4,00000000,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A), ref: 00766F38
LeaveCriticalSection.KERNEL32(009E28E0,00000000,?,009E28C4,?,00767146,009E28B4,00000000,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A), ref: 00766F4B
LocalAlloc.KERNEL32(00000000,00000004,?,009E28C4,?,00767146,009E28B4,00000000,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A), ref: 00766F61
LocalReAlloc.KERNEL32(?,00000004,00000002,?,009E28C4,?,00767146,009E28B4,00000000,?,00000000,00766B5D,00766457,00766B79,00762088,0076332A), ref: 00766F73
TlsSetValue.KERNEL32(009E28C4,00000000), ref: 00766FAF

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocCriticalLocalSectionValue$EnterLeave
String ID:
API String ID: 4117633390-0
Opcode ID: 4f28cb0b532ba30ee05b1b56355a46a715f4e36e38aa99a6c638886086614855
Instruction ID: 67fc6da820398a65022ff81058b49ce99b2034eef5021ed5a5d2c6f2b059e34b
Opcode Fuzzy Hash: 4f28cb0b532ba30ee05b1b56355a46a715f4e36e38aa99a6c638886086614855
Instruction Fuzzy Hash: E6315A35200605EFD724DF55E899EA6B7B9FB44350F40C519E95BC7690DB78E808CB60

Function 00488E60 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 138memoryCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32(00000000,?,?,00002002,00001000,?,?), ref: 00488F64
GlobalReAlloc.KERNEL32(00000000,00000000,00000002), ref: 00488F6E

Part of subcall function 00766053: __EH_prolog.LIBCMT ref: 00766058

Part of subcall function 0075D315: InterlockedDecrement.KERNEL32(-000000F4), ref: 0075D329

Strings

T}y, xrefs: 00488EE0
P}y, xrefs: 00488FA6
P}y, xrefs: 0048907F

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocDecrementH_prologInterlockedUnlock
String ID: P}y$P}y$T}y
API String ID: 2641609054-2796846834
Opcode ID: 54e13859742ecd9fe7c1d198e38048107ace26e409bd750296bcffd414a4a722
Instruction ID: d7c6dc0b161fe34ffc8907456891a8fed3aa04011330901a42b1736641855622
Opcode Fuzzy Hash: 54e13859742ecd9fe7c1d198e38048107ace26e409bd750296bcffd414a4a722
Instruction Fuzzy Hash: 27518E34D05388DEDB15EFA4C945BEDBBB4AF55304F508199E80967281DBB81F48CB62

Function 00735A4E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00735A74

Part of subcall function 0073D170: HeapCreate.KERNELBASE(00000000,00001000,00000000,00735AAC,00000001), ref: 0073D181
Part of subcall function 0073D170: HeapDestroy.KERNEL32 ref: 0073D1C0

GetCommandLineA.KERNEL32 ref: 00735AD4
GetStartupInfoA.KERNEL32(?), ref: 00735AFF
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00735B22

Part of subcall function 00735B7B: ExitProcess.KERNEL32 ref: 00735B98

Strings

Fn, xrefs: 00735AEE

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID: Fn
API String ID: 2057626494-3893899328
Opcode ID: 1834f915a8655d3582eacae24814a87d9ee18413586c33455820c272cff39ecd
Instruction ID: d4ae0690312a9a46ed11391ce6252f69b62a2d235fec42aeb585d5a81dc5c059
Opcode Fuzzy Hash: 1834f915a8655d3582eacae24814a87d9ee18413586c33455820c272cff39ecd
Instruction Fuzzy Hash: 442194B1954745DFE705EFB4DC4AA6D7BB9FF04700F104119F502AA2A2DB7C8840DB61

Function 00491DB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?), ref: 00491DF0
GlobalSize.KERNEL32(?), ref: 00491E13
GlobalSize.KERNEL32(?), ref: 00491E43
GlobalUnlock.KERNEL32(?,00000000,00000000), ref: 00491E53

Strings

BM, xrefs: 00491E0D

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Size$LockUnlock
String ID: BM
API String ID: 2233901773-2348483157
Opcode ID: 2bb7130df8bd59280576e640c357a916a00d0b42907d6021698de4278122175e
Instruction ID: 4c6eb29e82b4ff571d47882a0816d56bc661d311ed899e67bb8003ec67df250b
Opcode Fuzzy Hash: 2bb7130df8bd59280576e640c357a916a00d0b42907d6021698de4278122175e
Instruction Fuzzy Hash: DC21AA76900258EBC710DF99D845BDEFBB8FF48720F004569F819E3381D77859048BA5

Function 0073CD71 Relevance: 7.6, APIs: 5, Instructions: 150COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 0073CDCF
GetFileType.KERNEL32(?,?,00000000), ref: 0073CE7A
GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0073CEDD
GetFileType.KERNEL32(00000000,?,00000000), ref: 0073CEEB
SetHandleCount.KERNEL32 ref: 0073CF22

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 572964d024e2b8e449ff8c17d85af68dac78cb80d803617c9ec260af6020d4f5
Instruction ID: 898645ad746f7b06d2c92e2806d6561b28d59533755e6b4a2d2e3be6da05d3ec
Opcode Fuzzy Hash: 572964d024e2b8e449ff8c17d85af68dac78cb80d803617c9ec260af6020d4f5
Instruction Fuzzy Hash: D25127B2514251CFF722CB28C8887657BE1EB01734F288668D5A2EB2E2D739DD05DB51

Function 00496FA0 Relevance: 7.6, APIs: 5, Instructions: 103synchronizationCOMMON

Download Yara Rule

APIs

midiStreamStop.WINMM(?,00000000,?,00000000,00496B0A,00000000,00998E60,0048CB36,00998E60,?,0048762F,00998E60,004855F6,00000001,00000000,000000FF), ref: 00496FD5
midiOutReset.WINMM(?,?,0048762F,00998E60,004855F6,00000001,00000000,000000FF), ref: 00496FF3
WaitForSingleObject.KERNEL32(00000000,000007D0,?,0048762F,00998E60,004855F6,00000001,00000000,000000FF), ref: 00497016
midiStreamClose.WINMM(?,?,0048762F,00998E60,004855F6,00000001,00000000,000000FF), ref: 00497053
midiStreamClose.WINMM(?,?,0048762F,00998E60,004855F6,00000001,00000000,000000FF), ref: 00497087

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$Close$ObjectResetSingleStopWait
String ID:
API String ID: 3142198506-0
Opcode ID: 3108812e0a355d20ea7581414c843e934c9c1628fa2b1216644ad09f5c5484c3
Instruction ID: aafe529fe4b48e1bd89c5efae5193af60a858c3693c8b112e49e2b962a341aa3
Opcode Fuzzy Hash: 3108812e0a355d20ea7581414c843e934c9c1628fa2b1216644ad09f5c5484c3
Instruction Fuzzy Hash: 86315EB26147018BCF30DF69D4C855BBBE6FF943057108A3FE286C6600C779E8458B98

Function 0075F8BB Relevance: 7.6, APIs: 5, Instructions: 52stringregistryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0075F8C0
GetClassInfoA.USER32(?,?,?), ref: 0075F8DB
RegisterClassA.USER32(?), ref: 0075F8E6
lstrcatA.KERNEL32(00000034,?,00000001), ref: 0075F91D
lstrcatA.KERNEL32(00000034,?), ref: 0075F92B

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Classlstrcat$H_prologInfoRegister
String ID:
API String ID: 106226465-0
Opcode ID: 8416911cbcf7acd8e6510b59b09b8af4cbaa5d0145098f86765e74953c532bd3
Instruction ID: 27c509268fe8ade2a13f8ab924f8529884c3ca6e8514d104e73cdd14e158e367
Opcode Fuzzy Hash: 8416911cbcf7acd8e6510b59b09b8af4cbaa5d0145098f86765e74953c532bd3
Instruction Fuzzy Hash: 2B11E576500748FECB01AF64DC05BDE7BA8EF15311F008569FC07E7191D7B9AA098A61

Function 006F212D Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,006F5C99,006F867B,?,006F2E24,00000000,?,00000001,00000800,006EDA17,00000000,?,006F360C,?,?), ref: 006F212F
TlsGetValue.KERNEL32(?,006F360C,?,?,?,006F303C,00000000,?,00000000), ref: 006F213D
SetLastError.KERNEL32(00000000,?,006F360C,?,?,?,006F303C,00000000,?,00000000), ref: 006F2189

Part of subcall function 006F7743: HeapAlloc.KERNEL32(00000008,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 006F7839

TlsSetValue.KERNEL32(00000000,?,006F360C,?,?,?,006F303C,00000000,?,00000000), ref: 006F2161
GetCurrentThreadId.KERNEL32 ref: 006F2172

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: a0918f4e3e38d1ca2a1fbc90d4cdf024b1676c09ffa2b83c90a5ee3f9a73f09e
Instruction ID: 752e23cccd4a12faf6c38d0f64362eacf64eaa3abc952456e5006877d93e7cc9
Opcode Fuzzy Hash: a0918f4e3e38d1ca2a1fbc90d4cdf024b1676c09ffa2b83c90a5ee3f9a73f09e
Instruction Fuzzy Hash: 03F02B396063176BD7712B30AC096B93E65AF407B17044228F7469A2E0DB749C028AAD

Function 0073CF94 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000103,7FFFFFFF,007381B2,00739B58,00000000,?,?,00000000,00000001), ref: 0073CF96
TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0073CFA4
SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0073CFF0

Part of subcall function 007385D5: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0073CFB9,00000001,00000074,?,?,00000000,00000001), ref: 007386CB

TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0073CFC8
GetCurrentThreadId.KERNEL32 ref: 0073CFD9

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: 6cf395a21efbd3fba660ef44347ea5264713cb745b707da6a2fd250d62e5c264
Instruction ID: 95f49b9ebd4abe172991388b73d6c83de61e027eae4305621c994d09ec5604eb
Opcode Fuzzy Hash: 6cf395a21efbd3fba660ef44347ea5264713cb745b707da6a2fd250d62e5c264
Instruction Fuzzy Hash: 06F09637505712AFE7222B35AC0DE1A7A519F01B71F104115F952E63D1CF7C884157B1

Function 00734B9B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 00734BF0
__ftol.LIBCMT ref: 00734C1D

Strings

HOs, xrefs: 00734C9B
HOs, xrefs: 00734C35, 00734D05, 00734C62, 00734C84, 00734C93

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID: HOs$HOs
API String ID: 495808979-1170231707
Opcode ID: 290ebcf93173f1e158dc69af70f391b7147613571c820b1a09affc15021a6df8
Instruction ID: a01ea61b532adc606cd2c4c351d99c4b3e7f1d763c2b7b305250837d1238b651
Opcode Fuzzy Hash: 290ebcf93173f1e158dc69af70f391b7147613571c820b1a09affc15021a6df8
Instruction Fuzzy Hash: DE51B3B1B11619DBDB08CF9DD484199B7F5FB48310F35846AE958CB352D3B6ED128B80

Function 006F89E6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(008D620A), ref: 006F89F2
InterlockedDecrement.KERNEL32(008D620A), ref: 006F8A09

Part of subcall function 006F6CB5: InitializeCriticalSection.KERNEL32(00000000,008C68EE,00000010,?,006F181C,00000009,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F6CF2
Part of subcall function 006F6CB5: EnterCriticalSection.KERNEL32(00000010,00000010,?,006F181C,00000009,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F6D0D

InterlockedDecrement.KERNEL32(008D620A), ref: 006F8A35

Strings

N5o, xrefs: 006F8A16

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
String ID: N5o
API String ID: 2038102319-4202284967
Opcode ID: ff405bde5ca3a817f858bb9fa82ce42e5874421a2237eb343dd112233361c245
Instruction ID: a0cfe7fa59294cc82671ffda7671f90d36322be1a0406ffce0aa6217b9ae0e63
Opcode Fuzzy Hash: ff405bde5ca3a817f858bb9fa82ce42e5874421a2237eb343dd112233361c245
Instruction Fuzzy Hash: A2F0E23610230DBEEB106FA5EC82DEA3759EF94374F10803BF7049A241DFB15D028A65

Function 006ECF60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25windowCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 006ECF88
MessageBoxA.USER32(00000000,?,error,00000010), ref: 006ECF9F

Strings

error, xrefs: 006ECF97
program internal error number is %d. %s, xrefs: 006ECF82

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Messagewsprintf
String ID: error$program internal error number is %d. %s
API String ID: 300413163-3752934751
Opcode ID: 00bb3ac7342e2d1f906f91007d5635dc1f406b079cf3c7ec26e7b3e76c13723d
Instruction ID: e1827ccaa187a0fdf37d460e722d8e635175c3e4af85189dcf0c0016704dfe34
Opcode Fuzzy Hash: 00bb3ac7342e2d1f906f91007d5635dc1f406b079cf3c7ec26e7b3e76c13723d
Instruction Fuzzy Hash: 80E092756543407BE7049BA8DC5BFBA336AFB08700F40892CF156C11D0FAF8D5648626

Function 00738BC2 Relevance: 6.5, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8456a41f583a0855273e8098b07f15375b62255783a816804c8cda6f8d9a9238
Instruction ID: 8a7fafebc5097ac80c22c1bb9e685e7729e68f9cfc0b70a3c3720b09dfc3dda4
Opcode Fuzzy Hash: 8456a41f583a0855273e8098b07f15375b62255783a816804c8cda6f8d9a9238
Instruction Fuzzy Hash: E39115B1D01314EFEF61AB68DC85ADE7B78EB04760F244616F814B6192EB398D40CB76

Function 006F65FC Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00002020,008C713E,008C713E,?,0088AACE,006F6AC8,008C68EE,00000010,00000000,00000009,00000009,?,006F182F,00000010,008C68EE), ref: 006F661D
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,0088AACE,006F6AC8,008C68EE,00000010,00000000,00000009,00000009,?,006F182F,00000010,008C68EE), ref: 006F6641
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,0088AACE,006F6AC8,008C68EE,00000010,00000000,00000009,00000009,?,006F182F,00000010,008C68EE), ref: 006F665B
VirtualFree.KERNEL32(00000000,00000000,00008000,?,0088AACE,006F6AC8,008C68EE,00000010,00000000,00000009,00000009,?,006F182F,00000010,008C68EE,0088AACE), ref: 006F671C
HeapFree.KERNEL32(00000000,00000000,?,0088AACE,006F6AC8,008C68EE,00000010,00000000,00000009,00000009,?,006F182F,00000010,008C68EE,0088AACE,00000000), ref: 006F6733

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 3eaf20f040f0d5bec98d8d03a2ee76f0e39fc01ce86a43be76a66e1e26fa3c69
Instruction ID: ea6e1ad3c5ce3cde511344a8c73ed559b0e8b8bbd695b964d078a3fa608e7357
Opcode Fuzzy Hash: 3eaf20f040f0d5bec98d8d03a2ee76f0e39fc01ce86a43be76a66e1e26fa3c69
Instruction Fuzzy Hash: F231E0716007099BD3308F24DC41F72BBB6FB44B54F14853AF255D73A0EB74A8488B99

Function 00741628 Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00002020,00988D48,00988D48,?,?,00741AF4,00000000,00000010,00000000,00000009,00000009,?,00737791,00000010,00000000), ref: 00741649
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00741AF4,00000000,00000010,00000000,00000009,00000009,?,00737791,00000010,00000000), ref: 0074166D
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00741AF4,00000000,00000010,00000000,00000009,00000009,?,00737791,00000010,00000000), ref: 00741687
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00741AF4,00000000,00000010,00000000,00000009,00000009,?,00737791,00000010,00000000,?), ref: 00741748
HeapFree.KERNEL32(00000000,00000000,?,?,00741AF4,00000000,00000010,00000000,00000009,00000009,?,00737791,00000010,00000000,?,00000000), ref: 0074175F

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 4ef1296732636131971b455715fbbe707218aabb03b04474e9f00e1d837bbea0
Instruction ID: ffbcb8f58f4667a0817c14cde91c6876ab847319910487bc3918275c8fdce19c
Opcode Fuzzy Hash: 4ef1296732636131971b455715fbbe707218aabb03b04474e9f00e1d837bbea0
Instruction Fuzzy Hash: E83147716407059FD331AF24EC84B22B7E4EB54BA0F91823AE1559B3D0EF78A880DB64

Function 00497900 Relevance: 6.2, APIs: 4, Instructions: 246COMMON

Download Yara Rule

APIs

midiStreamOpen.WINMM(?,?,00000001,00497F20,?,00030000,?,?,?,00000000), ref: 0049792B
midiStreamProperty.WINMM ref: 00497A12
midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,?,?,00000000), ref: 00497B60

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$HeaderOpenPrepareProperty
String ID:
API String ID: 2061886437-0
Opcode ID: e21cd050292edcab66dbacb283c4c236512925674f5b23d8f67b78ada4d13dc7
Instruction ID: 06e680b3e35c5edd2b8364e7b939320730c55cd27bc75d3b26aad7dd946383d3
Opcode Fuzzy Hash: e21cd050292edcab66dbacb283c4c236512925674f5b23d8f67b78ada4d13dc7
Instruction Fuzzy Hash: 98A16C712106058FDB24DF28D890BAABBF6FB84304F10892EE686C7750EB35F919CB44

Function 00742F21 Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 00742F9B
GetLastError.KERNEL32 ref: 00742FA5
ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 0074306B
GetLastError.KERNEL32 ref: 00743075

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 76443da2afc64683eab8802a3efcdc70f707cf15ffd03df5618c12cba51ce163
Instruction ID: 37438fde8eece2f5b4e40e37fb243bef8e8fa1d5fa5146edf7f26abf91428bbd
Opcode Fuzzy Hash: 76443da2afc64683eab8802a3efcdc70f707cf15ffd03df5618c12cba51ce163
Instruction Fuzzy Hash: 95510830604389DFDF258F58C8847AD7BB2BF12314F544299E8698B262D779CB46CB11

Function 004AA530 Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 004AA56E
GetDC.USER32(?), ref: 004AA6D2
ReleaseDC.USER32(?,?), ref: 004AA6F6
DeleteObject.GDI32(?), ref: 004AA728

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteObject$Release
String ID:
API String ID: 2600533906-0
Opcode ID: 4934acb3dd229751b6a9feac3330ff11637818c090027137b30fa33de193373b
Instruction ID: 73f95c6a841c39edae78226e779c4dd6e66355b21b1fa1a9413fcbf32072a8a6
Opcode Fuzzy Hash: 4934acb3dd229751b6a9feac3330ff11637818c090027137b30fa33de193373b
Instruction Fuzzy Hash: 16516DB5A002449FDF14DF28C584B967BE5BB69300F08817AEC49CF306EB789919CB66

Function 006F868E Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,00000000), ref: 006F8755

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 284941f9769b674b062aa8df484fb813e425df33040c9c9b7c3ed0499d2168b2
Instruction ID: b2d14741f984369c99132753f05c61431b0b69ec775433fae2cc430394efe5cf
Opcode Fuzzy Hash: 284941f9769b674b062aa8df484fb813e425df33040c9c9b7c3ed0499d2168b2
Instruction Fuzzy Hash: 79513935A0064CEFCB11DF68C884BEDBBB6FF41340F248599EA169B261DB70DA41CB65

Function 00742D31 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 00742DF8

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: cacca8a2431b48b22284ecf3d33308436b416ca6a6d6948965ff973132286470
Instruction ID: 2bb07d24ee0e235b45f277e0b3ef4b870bc4c8985edc6dc3e086daa2140fc969
Opcode Fuzzy Hash: cacca8a2431b48b22284ecf3d33308436b416ca6a6d6948965ff973132286470
Instruction Fuzzy Hash: 5951B271A00258EFDB11CF68C888AAD7BB5FF45340F5081A9F5159B252DB34DA52CB61

Function 006ED5E0 Relevance: 6.1, APIs: 4, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000020,00000000,00000000,00000000,80000005), ref: 006ED5F8
WriteFile.KERNEL32(00000000,00000000,?,?,00000000,0088AACE,?,0000026C), ref: 006ED637
CloseHandle.KERNEL32(00000000,?,0000026C), ref: 006ED64A
CloseHandle.KERNEL32(00000000,0088AACE,?,0000026C), ref: 006ED665

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseFileHandle$CreateWrite
String ID:
API String ID: 3602564925-0
Opcode ID: 9069c7ff27972ece487f54a5c8c9e74c6828ef9377fe0d6e97bf972dfec62e00
Instruction ID: 15cecec411ebd3fa8d71bd1630c2f3bc32ab741de0c4c9176341d4c44e8a87c2
Opcode Fuzzy Hash: 9069c7ff27972ece487f54a5c8c9e74c6828ef9377fe0d6e97bf972dfec62e00
Instruction Fuzzy Hash: EE11C235300341AFD310CF18EC85FAEB3E4FB89714F144919F99597280D3B4E8098B66

Function 00735C12 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00735CA2

Strings

pow, xrefs: 00735C7A, 00735C97

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 8598d31ea1c2e091663e35a0fd9a9749921641d35f60ec837d22c33a569b5690
Instruction ID: 5289f8215507a9a1f69d1144ebc61a985dbfc87fd40291f715286f89641756d7
Opcode Fuzzy Hash: 8598d31ea1c2e091663e35a0fd9a9749921641d35f60ec837d22c33a569b5690
Instruction Fuzzy Hash: 99517C61B2CB028AFB317B14EC5537E7B94AB40750F249D59E4C2422ABEF7C8C84DB56

Function 00481B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00485360: GetCurrentThreadId.KERNEL32 ref: 00485385
Part of subcall function 00485360: IsWindow.USER32(00000000), ref: 004853A1
Part of subcall function 00485360: SendMessageA.USER32(00000000,000083E7,?,00000000), ref: 004853BA
Part of subcall function 00485360: ExitProcess.KERNEL32 ref: 004853CF

DeleteCriticalSection.KERNEL32(009998E0,?,?,?,?,?,?,?,?,0048CA9D), ref: 00481B3A

Part of subcall function 0075F3AA: __EH_prolog.LIBCMT ref: 0075F3AF

Strings

!, xrefs: 00481B28
#, xrefs: 00481DB3

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
String ID: !$#
API String ID: 2888814780-2504090897
Opcode ID: b008a5fe71971c8a0bc0a66512cbe6304f85b05fe37ea189efcac88adf8636b1
Instruction ID: 98c58712f0819ae90d56a9281b9b73925ade75be0cb605b1181654e10d68e74e
Opcode Fuzzy Hash: b008a5fe71971c8a0bc0a66512cbe6304f85b05fe37ea189efcac88adf8636b1
Instruction Fuzzy Hash: 41915130018781CAD326EF75D4947DABFE4AFB6348F54485DE4DA07292DBB8624CC7A2

Function 0073C2E7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 0073C2FB

Strings

, xrefs: 0073C320
, xrefs: 0073C344

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: 3334d016385e72a7396be70a969249bdb3abef8aa85b1f97e55b2f11afa80cda
Instruction ID: 1ae1272becf41c4fa48237c362dcc28b566abdf4628711992719e3579509f2b8
Opcode Fuzzy Hash: 3334d016385e72a7396be70a969249bdb3abef8aa85b1f97e55b2f11afa80cda
Instruction Fuzzy Hash: 9F4147710082D89AFB179714DD9DBFA7FE8AB0A700F1444E5E689EB053C3694E449BA3

Function 0048D880 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0048D911
wsprintfA.USER32 ref: 0048D92B
wsprintfA.USER32 ref: 0048D946

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: 91c327bc6c15caeea181adefe6fa17fc1c949c43df94657a5d093835bc3b2d2d
Instruction ID: d679f781d77b95e640992a0a11886085e4adc1258c8b1f0a572e95a4c3a1814c
Opcode Fuzzy Hash: 91c327bc6c15caeea181adefe6fa17fc1c949c43df94657a5d093835bc3b2d2d
Instruction Fuzzy Hash: 4231E7B19043049BD714EB64DC4996FB7E8EFC4754F440A1DF85693382EB78EA08C7A6

Function 00741186 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00740F4E,00000000,00000000,00000000,00737733,00000000,00000000,?,00000000,00000000,00000000), ref: 007411AE
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00740F4E,00000000,00000000,00000000,00737733,00000000,00000000,?,00000000,00000000,00000000), ref: 007411E2
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 007411FC
HeapFree.KERNEL32(00000000,?), ref: 00741213

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: 3acf3cebacc5cc9760f814a3ba9d480fe6af878e25f3a6f9dcfcff46f5955c96
Instruction ID: e49ff6fb723d5bcb4b61b6429c517aba6ba5e20255fa8afac87e64ceb4b6fb57
Opcode Fuzzy Hash: 3acf3cebacc5cc9760f814a3ba9d480fe6af878e25f3a6f9dcfcff46f5955c96
Instruction Fuzzy Hash: 8B116D70304740AFCB21AF29FC8AA217BB6FB84B10B908A19F152CB2B0C7B19D41DF10

Function 006F6450 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,008C68EE,00000000,006F6218,008C68EE,006ED1E4,00000000,006F17D1,006ED1E4,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F6478
HeapAlloc.KERNEL32(00000008,000041C4,008C68EE,00000000,006F6218,008C68EE,006ED1E4,00000000,006F17D1,006ED1E4,008C68EE,0088AACE,00000000,?,006ED1E4), ref: 006F64AC
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,006ED1E4), ref: 006F64C6
HeapFree.KERNEL32(00000000,?,?,006ED1E4), ref: 006F64DD

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: 3278801f6cb7b30a32af308e8d017aee355cc40845a194bbb123c1d24f77172c
Instruction ID: 68f6828a4fa6168b924e4976d86a7199d7ab94aef88743aaf8b27207667f033f
Opcode Fuzzy Hash: 3278801f6cb7b30a32af308e8d017aee355cc40845a194bbb123c1d24f77172c
Instruction Fuzzy Hash: 6E1119302057019FC722DF18EC45D667BF7FB95760B108A2AF252C72A0E770A901CB59

Function 00767E1A Relevance: 5.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(009E2A78,?,00000000,?,?,0076718C,00000010,?,00000000,?,?,?,00766B73,00766BD6,00766457,00766B79), ref: 00767E55
InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0076718C,00000010,?,00000000,?,?,?,00766B73,00766BD6,00766457,00766B79), ref: 00767E67
LeaveCriticalSection.KERNEL32(009E2A78,?,00000000,?,?,0076718C,00000010,?,00000000,?,?,?,00766B73,00766BD6,00766457,00766B79), ref: 00767E70
EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0076718C,00000010,?,00000000,?,?,?,00766B73,00766BD6,00766457,00766B79,00762088), ref: 00767E82

Part of subcall function 00767D87: GetVersion.KERNEL32(?,00767E2A,?,0076718C,00000010,?,00000000,?,?,?,00766B73,00766BD6,00766457,00766B79,00762088,0076332A), ref: 00767D9A

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$InitializeLeaveVersion
String ID:
API String ID: 1193629340-0
Opcode ID: 4da1b048a38b3e53db478968477ebcfdfdbd8743131d5a82425e4b487a355459
Instruction ID: 629b04f0ecc056ea1ae6e39c5f899ac2c06bbac732317b63228f64f7f5e9d3c4
Opcode Fuzzy Hash: 4da1b048a38b3e53db478968477ebcfdfdbd8743131d5a82425e4b487a355459
Instruction Fuzzy Hash: 88F0AF3141829ADFCB24DFA5FCC4966B3ACFB1435AB104436EA4383011EB79AC18DAA4

Function 0073F80B Relevance: 5.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,0073CF33,?,00735ABE), ref: 0073F818
InitializeCriticalSection.KERNEL32(?,0073CF33,?,00735ABE), ref: 0073F820
InitializeCriticalSection.KERNEL32(?,0073CF33,?,00735ABE), ref: 0073F828
InitializeCriticalSection.KERNEL32(?,0073CF33,?,00735ABE), ref: 0073F830

Memory Dump Source

Source File: 00000000.00000002.1687893254.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687878337.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688078705.000000000076E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688172624.000000000087D000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688190728.000000000087F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688208993.0000000000881000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688238102.00000000008C6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688252454.00000000008C7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688266399.00000000008C9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688281425.00000000008D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688308123.00000000008D8000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688322597.00000000008D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688336845.00000000008DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688385760.0000000000987000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688400833.000000000098A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.000000000098C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.0000000000998000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688414692.00000000009E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1688478243.00000000009E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 462a92e4a88f6c7cbf6d13d86ca152536851469fffc49765f6605c8b68e5f23e
Instruction ID: 618f893d580a74f685ff303e632807ed6c6714f56fe1088ecaa8e2b72ea2d53c
Opcode Fuzzy Hash: 462a92e4a88f6c7cbf6d13d86ca152536851469fffc49765f6605c8b68e5f23e
Instruction Fuzzy Hash: CCC002318BA435AECB922F75FE058473F26EB052603454063E145512388E651C11FFF0

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exePID: 6624, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: SecuriteInfo.com.Win32.Evo-gen.30275.11455.exePID: 6624, Parent PID: 2580COMMON

Execution Graph

Graph

Executed Functions

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.30275.11455.exe

Function 00485360 Relevance: 18.3, APIs: 12, Instructions: 273
threadwindownetworkCOMMON

Function 004847B0 Relevance: 15.3, APIs: 10, Instructions: 281
libraryloaderCOMMON

Function 004E2FBF Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMON

Function 004741E0 Relevance: 3.0, APIs: 2, Instructions: 37
memoryCOMMON

Function 00766D6F Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99
memoryCOMMON

Function 004AB9A0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
commemorythreadCOMMON

Function 00767A01 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88
stringCOMMON

Function 006ECFC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25
memorywindowCOMMON

Function 0076799E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
COMMON

Function 00762098 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27
threadCOMMON

Function 0048E5A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 7
windowCOMMON

Function 00473FE0 Relevance: 3.1, APIs: 2, Instructions: 78
COMMON

Function 0073D170 Relevance: 3.0, APIs: 2, Instructions: 30
memoryCOMMON

Function 0075F1EA Relevance: 3.0, APIs: 2, Instructions: 25
threadCOMMON

Function 006F1783 Relevance: 1.6, APIs: 1, Instructions: 80
memoryCOMMON